| title | meta | noGlobalSocialShare | |||||
|---|---|---|---|---|---|---|---|
Libellux: Up and Running |
|
true |
Libellux: Up and Running is a collection of personal notes and documentation regarding open-source software configuration. The focus is to build a so called Zero Trust Network using a central authentication server to enhance the security for our existing applications. We will manage our network using an open-source software tool for provisioning and configuration management to automate and speed up productivity.
::: tip DISCLAIMER It is understood that this documentation, and any configurations may contain errors and are provided for education purposes only. The documentation, and any configurations are provided "as is" without warranty of any kind, whether express, implied, statutory, or otherwise. :::
| Role | Names |
|---|---|
| Lead Authors: | Fredrik Hilmersson @libellux |
| Contributors: | Damir Kucic @dkucic |
| Reviewers: | Scott Shinn @atomicturtle, Cornelius Kölbel @cornelinux, Adam Hilmersson @cnsta |
| Supporters: | HyperQube, Atomi Systems, Mullvad VPN |
- Ubuntu 20.04 LTS (Focal Fossa)
- Ubuntu 18.04 LTS (Bionic Beaver)
- Ubuntu 16.04 LTS (Xenial Xerus)
- VMware ESXi 6.7.0
- HyperQube
::: details Conventions
| Type | Convention | Description |
|---|---|---|
| Environment | server@ubuntu | Suffix determine operating system |
| Server CLI | server@centos | Commands executed from server command-line |
| Client CLI | client@ubuntu | Commands executed from client command-line |
| Server IP | 192.168.0.1 | Server IP address |
| Client IP | 192.168.0.2 | Client IP address |
| VPN server | 192.168.8.1 | WireGuard VPN server IP address |
| VPN client | 192.168.8.2 | WireGuard VPN client IP address |
| ::: |
- 1.0: WireGuard Secure VPN Tunnel
- 1.1: Two-factor authentication w/ privacyIDEA and YubiKey
- 1.2: Universal 2nd Factor with YubiKey
- 2.0: OSSEC Host Intrusion Detection System
- 2.1: PSAD Intrusion Detection with Log Analysis
- 2.2: Greenbone Vulnerability Manager
- 2.3: Snort Network Intrusion Detection & Prevention System
- 2.4: ClamAV Antivirus Server
- 3.0: AWX Ansible Tower
- 3.1: M/Monit System Monitoring
- 3.2: Performance Co-Pilot Grafana
- 3.3: Rsyslog Log Processing
- 3.4: Graylog Centralized Log Management
The HyperQube platform provides Libellux: Up and Running with the ability to replicate entire cloud networks with the click of a button. It reduces overall virtualization spend by up to 80% while eliminating the waste associated with replicating infrastructure. HyperQube is cloud-agnostic, with current API support for both VMWare and AWS. Atomi Systems supports Libellux with the screen recording tool ActivePresenter which enables us to create interactive screencasts.
Questions, comments, or problems regarding this service? Create an issue here or contact [email protected].
To follow the process and prioritization check out the project road map. Feel free to create a feature request if there's any documentation or software you would like us to cover.
Libellux: Up and Running changelog (1.1.0) [email protected]
Release Maintainers
Fredrik Hilmersson @libellux
Contributors on this release
Cornelius Kölbel @cornelinux
Scott Shinn @atomicturtle
Adam Hilmersson @cnst
Release notes
Special thanks on this release go out to:
- HyperQube for providing their great software to replicate entire cloud networks with the click of a button.
- Atomi Systems for giving access to their powerful screen recording software ActivePresenter.
- Mullvad VPN letting us use their fast, trustworthy and easy-to-use VPN with a focus on privacy.
- Cornelius Kölbel @cornelinux from NetKnights.
This is the first minor release of Libellux: Up and Running. Where we start combining the services to enhance the security in the Zero Trust Network. We added documentation how-to set up a virtual private network (VPN) using WireGuard. privacyIDEA will act as our central authentication server to both enforce two-factor authentication (using YubiKey 5 NFC) but also to apply an role-based access control (RBAC) approach. We also added a new section on how-to set up a server/client relationship with ClamAV Antivirus. Additionally we added the possiblity to comment using Gitalk.
What's New:
Two-factor authentiction w/ PrivacyIDEA FreeRADIUS plugin and YubiKey 5 NFC
Greenbone Vulnerability Manager (GVM) revision 5 w/ update for latest GVM release (21.04)
WireGuard Secure VPN Tunnel
ClamAV Antivirus Server
Scheduled jobs for GVM 21.04 to keep community feed up-to-date
Comments with Gitalk
::: details Prior releases Libellux: Up and Running changelog (1.0.1) [email protected]
Release Maintainers
Fredrik Hilmersson @libellux
Contributors on this release
Scott Shinn @atomicturtle
Adam Hilmersson @cnsta
Release notes
The second release of Libellux: Up and Running mostly contain updates to already existing chapters. There is a few new additions to each chapter e.g. Agentless monitoring and Windows Server 2019 agent installation for OSSEC. The OpenVAS chapter has also been revised and updated with new features such as basic vulnerability scans to give a first hands-on experience. We've also completed the first revision for M/Monit System Monitoring.
What's New:
M/Monit System Monitoring (3.7.5) with Monit (5.27.0)
Agentless monitoring chapter to OSSEC Host Intrusion Detection (3.6.0)
Windows Server 2019 agent installation (OSSEC 3.6.0)
Basic authenticated and unauthenticated scan to OpenVAS Vulnerability Scanner (OpenVAS 20.08)
Libellux: Up and Running changelog (1.0.0) [email protected]
Release Maintainers
Fredrik Hilmersson @libellux
Contributors on this release
Damir Kucic @dkucic
Scott Shinn @atomicturtle
Adam Hilmersson @cnsta
Zeny Palac @doczenzen
Falk @falkowich
Release notes
This is the first release of Libellux: Up and Running. The initial release contain documentation and configuration for the software specified below (see What's New). Libellux: Up and Running is a collection of personal notes and documentation regarding open-source software configuration. The focus is to build a so called Zero Trust Network using a central authentication server to enhance the security for our existing applications. We will manage our network using an open-source software tool for provisioning and configuration management to automate and speed up productivity.
What's New:
OSSEC Host Intrusion Detection (3.6.0)
PSAD Intrusion Detection (2.4.6)
OpenVAS Vulnerability Scanner (OpenVAS 20.08, Atomicorp 20.08)
:::
The books recommended throughout this website, have all been insightful and many times the core for documentation. They've also been helpful in understanding and chosing the correct approach when applying configurations for various open-source software. All the literature are personally recommended. Following the affiliated links is a way to support Libellux: Up and Running and the authors.
- Zero Trust Networks: Building Secure Systems in Untrusted Networks, Gilman Evan, 2017
- UNIX and Linux System Administration Handbook (5th Edition), Evi Nemeth, 2017
- Securing DevOps: Security in the Cloud, Julien Vehent, 2017
- Instant OSSEC Host-based Intrusion Detection, Lhotsky Brad, 2013
- OSSEC Host-Based Intrusion Detection Guide, Rory Bray, 2008
- Systems Performance: Enterprise and the Cloud, Gregg Brendan, 2013
- Mastering Ansible: Effectively automate configuration management and deployment challenges with Ansible, Freeman James & Keating Jesse, 2019
- FreeRADIUS Beginner's Guide, van der Walt Dirk, 2011
- Mastering OpenLDAP: Configuring, Securing and Integrating Directory, Butcher Matt, 2007
- Ansible Up and Running (2nd Edition), Hochstein Lorin & Moser Rene, 2017
- Jira 8 Administration Cookbook, Patrick Li, 2019
- Linux Firewalls, Michael Rash, 2007
- Linux Firewalls, Steve Suehring, 2015
![dependabot[bot] avatar](https://avatars.githubusercontent.com/in/29110?v=4 "dependabot[bot]")
React
Typescript
Django
Laravel
Facebook
Microsoft
Google
Alibaba
D3
Tencent