@scottalanmiller said in The Death of Sysadmin:

@Emad-R said in The Death of Sysadmin:

The number of servers one sysadmin is handling is increasing and increasing, I think even you said it yourself.
back in the day 1 sysadmin can manage = few servers, afterward it is 50-100, now it is expected to be able to manage 100-500. One day we wouldn't need to manage anything.

Yes, but then the value and expertise of that system admin keep increasing, too. And there are loads and loads of private clouds. Each cloud is the new "computer".

Exactly what we call DevOPs now is the new System Admin. They are higher paid and more knowledgeable. Things have been going this way for awhile so you should not be surprised. Imagine what you'd be worth if you had AWS / Azure certifications right now

In fact, this is an opportunity for you to go this route. You have to leave the old mentality behind to grow in a new, ever changing environment.

@RojoLoco said in What Are You Doing Right Now:

Cold brew coffee recipe:

Park it in the fridge and wait at least 5 days, 7 or more is best.

@Kelly said in Art applications:

@IRJ said in Art applications:

@Obsolesce said in Art applications:

Never heard of any of those except gimp.

Inkscape and Blender are very popular ass well

Freudian slip?

@Obsolesce said in Art applications:

Never heard of any of those except gimp.

Inkscape and Blender are very popular ass well

Weird post?

Here is a one click install bash script for Ubuntu 1804. This setups up a wordpress instance with nginx and NAXSI WAF. This is so much awesome. Just run the script and you will have Wordpress, Mariadb, NGINX, and a WAF automatically spun up. All you need to do is browse to IP and setup Wordpress

Tested on Ubuntu 18.04 LTS.

You guys need to try it out

#***********************************************************
# Run Updates and install Pre-requisites
#***********************************************************


apt update -y
#apt upgrade -y
apt -y install libpcre3-dev libssl-dev unzip build-essential daemon libxml2-dev libxslt1-dev libgd-dev libgeoip-dev zlib1g-dev libpcre3


#***********************************************************
# Download and extract NGINX and NAXSI
#***********************************************************

mkdir ~/nginx-waf
wget https://nginx.org/download/nginx-1.16.1.tar.gz -O ~/nginx-waf/nginx.tar.gz
tar xzf ~/nginx-waf/nginx.tar.gz -C ~/nginx-waf
wget https://github.com/nbs-system/naxsi/archive/master.zip -O ~/nginx-waf/waf.zip
unzip ~/nginx-waf/waf.zip -d ~/nginx-waf/


#***********************************************************
# Create script to compile NGINX with NAXSI firewall
#***********************************************************

cat > ~/nginx-waf/nginx-1.16.1/install.sh <<\EOF
cd ~/nginx-waf/nginx-1.16.1/
./configure --conf-path=/etc/nginx/nginx.conf --add-module=../naxsi-master/naxsi_src/ --error-log-path=/var/log/nginx/error.log --http-client-body-temp-path=/var/lib/nginx/body --http-fastcgi-temp-path=/var/lib/nginx/fastcgi --http-log-path=/var/log/nginx/access.log --http-proxy-temp-path=/var/lib/nginx/proxy --lock-path=/var/lock/nginx.lock --pid-path=/var/run/nginx.pid --user=www-data --group=www-data --with-http_ssl_module --without-mail_pop3_module --without-mail_smtp_module --without-mail_imap_module --without-http_uwsgi_module --without-http_scgi_module --prefix=/usr
make
make install
EOF

#***********************************************************
# Compile NGINX and NAXSI
#***********************************************************

sh ~/nginx-waf/nginx-1.16.1/install.sh

sleep 10s


#***********************************************************
# Configure NGINX to use fastcgi
#***********************************************************

mkdir -p /var/lib/nginx/{body,fastcgi}


#***********************************************************
# Configure Firewall Rules
#***********************************************************

cp ~/nginx-waf/naxsi-master/naxsi_config/naxsi_core.rules /etc/nginx/



cat > /etc/nginx/naxsi.rules <<\EOF
SecRulesEnabled;
DeniedUrl "/RequestDenied";
## Check Naxsi rules
CheckRule "$SQL >= 8" BLOCK;
CheckRule "$RFI >= 8" BLOCK;
CheckRule "$TRAVERSAL >= 4" BLOCK;
CheckRule "$EVADE >= 4" BLOCK;
CheckRule "$XSS >= 8" BLOCK;
EOF


#***********************************************************
# Create nginx config file with NAXSI configurations included
#***********************************************************


cat > /etc/nginx/nginx.conf <<\EOF
#user  nobody;
worker_processes  1;

#error_log  logs/error.log;
#error_log  logs/error.log  notice;
#error_log  logs/error.log  info;

#pid        logs/nginx.pid;


events {
    worker_connections  1024;
}


http {
    include       mime.types;
    include       /etc/nginx/naxsi_core.rules;
        include     /etc/nginx/conf.d/*.conf;
        include     /etc/nginx/sites-enabled/*;


    default_type  application/octet-stream;
    access_log /var/log/nginx/access.log;
    error_log /var/log/nginx/error.log;

    #log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
    #                  '$status $body_bytes_sent "$http_referer" '
    #                  '"$http_user_agent" "$http_x_forwarded_for"';

    #access_log  logs/access.log  main;

    sendfile        on;
    #tcp_nopush     on;

    #keepalive_timeout  0;
    keepalive_timeout  65;

    #gzip  on;

    server {
        listen       80;
        server_name  localhost;
        root /;

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
            include /etc/nginx/naxsi.rules;
                root   html;
                index  index.html index.htm;
        }

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        location = /50x.html {
            root   html;
        }

        # proxy the PHP scripts to Apache listening on 127.0.0.1:80
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000

        location ~ \.php$ {
            fastcgi_pass unix:/var/run/php/php7.2-fpm.sock;
            fastcgi_param SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
            include fastcgi_params;
        }

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


    # another virtual host using mix of IP-, name-, and port-based configuration
    #
    #server {
    #    listen       8000;
    #    listen       somename:8080;
    #    server_name  somename  alias  another.alias;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}


    # HTTPS server
    #
    #server {
    #    listen       443 ssl;
    #    server_name  localhost;

    #    ssl_certificate      cert.pem;
    #    ssl_certificate_key  cert.key;

    #    ssl_session_cache    shared:SSL:1m;
    #    ssl_session_timeout  5m;

    #    ssl_ciphers  HIGH:!aNULL:!MD5;
    #    ssl_prefer_server_ciphers  on;

    #    location / {
    #        root   html;
    #        index  index.html index.htm;
    #    }
    #}

}

EOF

sleep 1s

#***********************************************************
# Create NGINX upstart script
#***********************************************************

cat > /etc/init.d/nginx <<\EOF
#! /bin/sh PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin 
 DAEMON=/usr/sbin/nginx 
 NAME=nginx 
 DESC=nginx
 
 test -x $DAEMON || exit 0 
 # Include nginx defaults if available 
 if [ -f /etc/nginx ] ; then 
         . /etc/nginx 
 fi
 
 set -e
 
 case "$1" in 
     start)
         echo -n "Starting $DESC: " 
         start-stop-daemon --start --quiet --pidfile /var/run/nginx.pid \ 
             --exec $DAEMON -- $DAEMON_OPTS 
         echo "$NAME." 
         ;; 
     stop) 
         echo -n "Stopping $DESC: " 
         start-stop-daemon --stop --quiet --pidfile /var/run/nginx.pid \ 
             --exec $DAEMON 
         echo "$NAME." 
         ;; 
     restart|force-reload) 
         echo -n "Restarting $DESC: " 
         start-stop-daemon --stop --quiet --pidfile \ 
             /var/run/nginx.pid --exec $DAEMON 
         sleep 1 start-stop-daemon --start --quiet --pidfile \ 
             /var/run/nginx.pid --exec $DAEMON -- $DAEMON_OPTS 
         echo "$NAME." 
         ;; 
     reload) 
         echo -n "Reloading $DESC configuration: " 
         start-stop-daemon --stop --signal HUP --quiet --pidfile /var/run/nginx.pid \ 
             --exec $DAEMON 
         echo "$NAME." 
         ;; 
     *) 
         N=/etc/init.d/$NAME 
         echo "Usage: $N {start|stop|restart|force-reload}" >&2 
         exit 1 
         ;; 
 esac
 
 exit 0

EOF


systemctl daemon-reload

#***********************************************************
# Create custom NGINX service file
#***********************************************************

cat > /lib/systemd/system/nginx.service <<\EOF
[Unit]
Description=A high performance web server and a reverse proxy server
Documentation=man:nginx(8)
After=syslog.target network.target remote-fs.target nss-lookup.target
[Service]
Type=forking
PIDFile=/run/nginx.pid
ExecStartPre=/usr/sbin/nginx -t
ExecStart=/usr/sbin/nginx
ExecReload=/usr/sbin/nginx -s reload
ExecStop=/bin/kill -s QUIT $MAINPID
PrivateTmp=true
[Install]
WantedBy=multi-user.target
EOF

#***********************************************************
# Install PHP
#***********************************************************

sudo apt install -y php
sudo apt install -y php-pear php-fpm php-dev php-zip php-curl php-xmlrpc php-gd php-mysql php-mbstring php-xml libapache2-mod-php



#***********************************************************
# Configure PHP for NGINX
#***********************************************************


sudo sh -c "sed -i '/cgi.fix_pathinfo=1/c\cgi.fix_pathinfo=0' /etc/php/7.2/fpm/php.ini" 
sudo sh -c "echo '' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo '' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo ';***********************************************************' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo '; WordPress Settings ' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo ';***********************************************************' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo 'upload_max_filesize = 500M' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo 'post_max_size = 2000M' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo 'memory_limit = 2000M' >> /etc/php/7.2/fpm/php.ini"
sudo sh -c "echo 'max_execution_time = 120' >> /etc/php/7.2/fpm/php.ini"



#***********************************************************
# Configure website
#***********************************************************


mkdir /etc/nginx/sites-enabled
mkdir /etc/nginx/sites-available

sudo sh -c "cat > /etc/nginx/sites-available/mydomain.com <<\EOF
    server {
        listen 80;
	    root /var/www/html;
	    index index.php index.html index.htm;
        

        #charset koi8-r;

        #access_log  logs/host.access.log  main;

        location / {
	    include /etc/nginx/naxsi.rules;
        try_files \$uri \$uri/ /index.php?\$args;
        }

    	location ~ \.php$ {
    	fastcgi_split_path_info  ^(.+\.php)(/.+)$;
   	fastcgi_index            index.php;
    	fastcgi_pass             unix:/var/run/php/php7.2-fpm.sock; #Ubuntu 17.10
#  	# fastcgi_pass             unix:/var/run/php/php7.0-fpm.sock; #Ubuntu 17.04
    	include                  fastcgi_params;
    	fastcgi_param   PATH_INFO       \$fastcgi_path_info;
    	fastcgi_param   SCRIPT_FILENAME \$document_root\$fastcgi_script_name;
	}

        #error_page  404              /404.html;

        # redirect server error pages to the static page /50x.html
        #
        error_page   500 502 503 504  /50x.html;
        #
        #location ~ \.php$ {
        #    proxy_pass   http://127.0.0.1;
        #}

        # pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
        #
        #location ~ \.php$ {
        #    root           html;
        #    fastcgi_pass   127.0.0.1:9000;
        #    fastcgi_index  index.php;
        #    fastcgi_param  SCRIPT_FILENAME  /scripts\$fastcgi_script_name;
        #    include        fastcgi_params;
        #}

        # deny access to .htaccess files, if Apache's document root
        # concurs with nginx's one
        #
        #location ~ /\.ht {
        #    deny  all;
        #}
    }


EOF
"            

sudo sh -c "ln -s /etc/nginx/sites-available/mydomain.com /etc/nginx/sites-enabled/"
sudo sh -c "rm -f /etc/nginx/sites-available/default"
sudo sh -c "rm -f /etc/nginx/sites-enabled/default"


#***********************************************************
# Enable and Start NGINX
#***********************************************************

systemctl stop apache2
systemctl daemon-reload
systemctl enable nginx
systemctl start nginx


#***********************************************************
# Use if experiencing errors
#***********************************************************

#mkdir /etc/systemd/system/nginx.service.d
#printf "[Service]\nExecStartPost=/bin/sleep 0.1\n" > /etc/systemd/system/nginx.service.d/override.conf
#systemctl daemon-reload


#***********************************************************
# Install and Configure Maria DB 
#***********************************************************

sudo apt install -y mariadb-server 
sudo systemctl enable mariadb
sudo systemctl start mariadb





#***********************************************************
# Install Certbot for SSL
#***********************************************************

#sudo apt install python-certbot-nginx -y




#***********************************************************
# Install Wordpress
#***********************************************************

rm -rf /var/www/html/*
sudo sh -c "wget https://wordpress.org/latest.tar.gz -o /var/www/html/latest.tar.gz"
sudo sh -c "tar -zxvf latest.tar.gz -C /var/www/html/ --strip-components=1"
sudo sh -c "rm -rf /var/www/html/latest.tar.gz"
sudo sh -c "cp /var/www/html/wp-config-sample.php /var/www/html/wp-config.php"



#***********************************************************
# Set Permissions for /var/www/html
#***********************************************************

sudo chown -R www-data:www-data /var/www/html/*
sudo chmod -R 755 /var/www/html/*


#***********************************************************
# Generate and set MYSQL credentials
#***********************************************************

sudo sh -c "apt-get install -y pwgen > /dev/null 2>&1"
NEW_MYSQL_ROOT_PASSWORD=`pwgen -c -n -1 20` > /dev/null 2>&1
MYSQL_WP_PASSWORD=`pwgen -c -n -1 20` > /dev/null 2>&1
echo "MYSQL ROOT PASSWORD: ${NEW_MYSQL_ROOT_PASSWORD}" >> /root/passwords.txt
echo "MYSQL WP PASSWORD: ${MYSQL_WP_PASSWORD}" >> /root/passwords.txt
chmod 600 /root/passwords.txt

#***********************************************************
# Create MYSQL DB and USER
#***********************************************************

sudo sh -c "mysql -uroot mysql -e \"CREATE DATABASE wp\""
sudo sh -c "mysql -uroot mysql -e \"CREATE USER wp\""
sudo sh -c "mysql -uroot wp -e \"GRANT SELECT, INSERT, UPDATE, DELETE, CREATE, DROP, ALTER ON wp.* TO 'wp'@'localhost' IDENTIFIED BY '${MYSQL_WP_PASSWORD}'\""
#sudo sh -c "mysql -uroot mysql -e \"ALTER USER 'root'@'localhost' IDENTIFIED BY '${NEW_MYSQL_ROOT_PASSWORD}'\""

#***********************************************************
# Add DB User and pw to Wordpress
#***********************************************************

sed -i 's/database_name_here/wp/' /var/www/html/wp-config.php
sed -i 's/username_here/wp/' /var/www/html/wp-config.php
sed -i "s/password_here/"${MYSQL_WP_PASSWORD}"/" /var/www/html/wp-config.php

The most current script can be found here

https://github.com/joelradon/wordpress-with-naxsi-waf

Is anyone using the geo ip module on NGINX? It looks like you can route / filter traffic based on geo location to the appropriate server (if using NGINX as a load balancer).

@fuznutz04 said in Automated Provisioning - KVM & CM tools:

@stacksofplates said in Automated Provisioning - KVM & CM tools:

Terraform will do this and I have an Ansible role to do it also.
As @IRJ mentioned Vagrant will work also. However I feel Terraform is a better fit as you have more control over the specific pieces of your infrastructure.

You would still prefer Terraform over Ansible for this as well?

Not the same kind of tool. Terraform is about creating virtual infrastructure. Ansible is about management.

@fuznutz04 said in Automated Provisioning - KVM & CM tools:

@IRJ said in Automated Provisioning - KVM & CM tools:

You can do this with vagrant . You can attach login scripts into the Vagrant config file or you can actually build templates which they call boxes.

Is Vagrant meant for production environments as well? This project is a proof of concept, that I would later hope to take into a production environment.

I have used vagrant in my lab and really like it, but if you design your environment properly it wont matter what tool you use to automate the build.

You need to learn scripting so you can utilize bash and/or ansible to do these builds. Then you can use whatever mechanism you want to do the virtualization like vagrant or terraform.

You can do this with vagrant . You can attach login scripts into the Vagrant config file or you can actually build templates which they call boxes.