Here you can learn how to set up a WordPress instance from scratch and set some specific network permissions.
To take the test you will need to have:
- VM with Ubuntu 18.04, fresh install
- 2 network interfaces (below I describe how to set the IP address for your network)
The challenge is as follows:
- Install latest updates of the machine
- Install php with fpm
- Install nginx
- Ensure that traffic coming from outside our network (origin not in 10.1.*) only has access to content on port 80
- Ensure that port 8088 is only accessible from the internal network
- Set up WordPress 5.4 (including dependencies) as the only application responding on port 80 (no need to perform the WP Install)
- Create a user with sudo nopasswd rights like root and its respective keys
- Disallow root access through ssh
- Install latest updates of the machine.
- Make sure that OS is up to date.
sudo apt update
sudo apt upgrade
- Switch to nopassword user.
sudo ufw enable
sudo -i
sudo adduser --shell /bin/bash myuser
sudo usermod -aG sudo myuser
sudo echo "myuser ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
Generate SSH keys and create a sudo user with only an SSH key.
sudo ssh-keygen
sudo apt install openssh-server
sudo ufw allow ssh
sudo adduser --shell /bin/bash --system --group myuser1
sudo mkdir /home/myuser1/.ssh
sudo cp -Rfv /root/.ssh /home/myuser1/
sudo chown -Rfv myuser1:myuser1 /home/myuser1/.ssh
sudo chown -R myuser1:myuser1 /home/myuser1
sudo gpasswd -a myuser1 sudo
sudo echo "myuser1 ALL=(ALL) NOPASSWD: ALL" | (EDITOR="tee -a" visudo)
Disable root SSH login.
nano /etc/ssh/sshd_config
Uncomment "PermitRootLogin" and type "no":
#LoginGraceTime 2m
PermitRootLogin no
#StrictModes yes
#MaxAuthTries 6
#MaxSessions 10
systemctl restart ssh
- Install PHP.
sudo apt-get install php7.2 php7.2-cli php7.2-fpm php7.2-mysql php7.2-json php7.2-opcache php7.2-mbstring php7.2-xml php7.2-gd php7.2-curl
- Install NGINX.
sudo apt install nginx
- Set up WordPress.
Install the MySQL database.
sudo apt install mysql-server
sudo mysql_secure_installation
mysql -u root -p
Create database.
CREATE DATABASE wordpress_db;
GRANT ALL ON wordpress_db.* TO 'wpuser'@'localhost' IDENTIFIED BY 'Passw0rd!' WITH GRANT OPTION;
Create new directory.
mkdir -p /var/www/html/wordpress/public_html
cd /var/www/html/wordpress/public_html
Download WordPress.
tar -xzvf wordpress-5.4.10.tar.gz
mv wordpress/* .
rm -rf wordpress wordpress-5.4.10.tar.gz
Change the ownership and apply correct permissions.
chown -R www-data:www-data *
chmod -R 755 *
Configure NGINX for WordPress.
cd /etc/nginx/sites-available
Change the default server port to 8080 in the default file.
nano default
Change the port from 80 to 8080 (listen 8080;) in both places.
Create new file.
touch wordpress.conf
nano wordpress.conf
Add content.
server {
    listen 80;
    root /var/www/html/wordpress/public_html;
    index index.php index.html;
    server_name;

    access_log /var/log/nginx/wpexample.wordpress.access.log;
    error_log /var/log/nginx/wpexample.wordpress.error.log;

    location / {
        try_files $uri $uri/ =404;
    }

    location ~ \.php$ {
        include snippets/fastcgi-php.conf;
        fastcgi_pass unix:/run/php/php7.2-fpm.sock;
    }

    location ~ /\.ht {
        deny all;
    }

    location = /favicon.ico {
        log_not_found off;
        access_log off;
    }

    location = /robots.txt {
        allow all;
        log_not_found off;
        access_log off;
    }

    location ~* \.(js|css|png|jpg|jpeg|gif|ico)$ {
        expires max;
        log_not_found off;
    }
}
Create a symbolic link for this file.
cd /etc/nginx/sites-enabled
ln -s ../sites-available/wordpress.conf .
Reload NGINX.
systemctl reload nginx
- Set Limits for traffic using the
- Get status UFW.
sudo ufw status
- Deny all connections.
sudo ufw default deny outgoing
sudo ufw default deny incoming
- Allow specific ports.
sudo ufw allow out 80
sudo ufw allow 'Nginx HTTP'
- Status.
sudo ufw status verbose
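A check for the firewall rules above, as an added example that is not part of the original page: it reads `ufw status` output and reports any inbound allow rule other than port 80 that is reachable from outside the internal network, and whether port 8088 is allowed from it. It assumes "10.1.*" means 10.1.0.0/16; the function names and the sample output are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the original page. Checks `ufw status` output against
# the challenge policy. Assumption: "10.1.*" means the CIDR 10.1.0.0/16.
INTERNAL_NET="10.1.0.0/16"

# Reads `ufw status` text on stdin and prints one line per finding.
# Returns 0 when the policy holds, 1 when there is at least one finding.
audit_ufw_status() {
    awk -F'  +' -v net="$INTERNAL_NET" '
        { sub(/[ \t]+$/, "") }                          # drop trailing padding
        $0 == "Status: active" { active = 1; next }
        /^--/                  { in_rules = 1; next }   # header separator
        !in_rules || NF < 3    { next }
        $2 !~ /^(ALLOW|LIMIT)/ || $2 ~ /OUT/ { next }   # inbound allows only
        {
            to = $1; from = $3
            sub(/ \(v6\)$/, "", to)
            http = (to == "80" || to == "80/tcp" || to == "Nginx HTTP")
            if (http && from ~ /^Anywhere/)            { http_ok = 1; next }
            if (to ~ /^8088(\/tcp)?$/ && from == net)  { internal_ok = 1; next }
            if (from != net) { print "FAIL: " $1 " reachable from " from; bad++ }
        }
        END {
            if (!active)      { print "FAIL: ufw is not active"; bad++ }
            if (!http_ok)     { print "FAIL: port 80 is not open to outside traffic"; bad++ }
            if (!internal_ok) { print "FAIL: port 8088 is not allowed from " net; bad++ }
            exit (bad > 0)
        }'
}

# Constructed sample of `ufw status` output (not captured from a real host).
sample_rules() {
    cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW       Anywhere
Nginx HTTP                 ALLOW       Anywhere
80                         ALLOW OUT   Anywhere
EOF
}

# Demo run; on a real host use: sudo ufw status | audit_ufw_status
sample_rules | audit_ufw_status || true
```

A rule such as `sudo ufw allow from 10.1.0.0/16 to any port 8088 proto tcp` shows up in the status output as `8088/tcp ALLOW 10.1.0.0/16`, which is the form the check accepts.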
Below is a list of the things you need to do and how to set them up. Set the IP for the network interface.
Get a list of available interfaces.
ifconfig -a
Go to file.
sudo nano /etc/network/interfaces
Edit file as mentioned below.
auto lo
iface lo inet loopback
auto enp0s3
iface enp0s3 inet static
address
netmask
gateway
dns-nameservers
Apply changes.
sudo /etc/init.d/networking restart
You can use this file to solve a few tasks on Ubuntu 18.04. P.S. To complete the WordPress installation, go to your localhost:
