n3

robertavram · robertavram · commit 054a7ff5c16d · 2015-07-07T22:25:56.000-07:00
diff --git a/Hello.md b/Hello.md
@@ -0,0 +1,333 @@
+Linux Server Configuration
+======================
+Linux - Apache - Flask - Postgres - Docker Containers
+----------------------------------------------------------------
+Automated Baseline Linux Server Configuration set up to secure the system from a number of attack vectors, to serve a Postgres database server and an Apache server.
+The Postgres Database Server is configured to run in a **Docker**[^docker] container that uses a docker data volume for easy migrations, backups and restores.
+Th Apache server is dockerized and linked to the Database Server container for a more secure communication style.
+
+
+How to use:
+--------------
+
+> 1. If not already installed, install openssh by running:
+> >$`sudo apt-get openssh-server`
+
+> 2. Install git:
+> >$`sudo apt-get install git`
+
+> 3. Clone the repository into /src:
+>> $ `sudo git clone `[your source]  `/src`
+
+> 4.  Login as root and run s1.sh from the "shell" directory
+>>$ `sudo su`
+>>$ `sh /src/shell/s1.sh`
+>>>*here you will be asked to configure unattended-upgrades, timezone, and the password for the new user "grader"*
+
+> 5. The ssh port is now changed to 2200, exit to your machine, generate an rsa key and upload it to the remote server on port 2200 and user grader:
+> Source: [Digital Ocean](https://www.digitalocean.com/community/tutorials/how-to-set-up-ssh-keys--2)
+>> `ssh-keygen -t rsa` *set a file location (usually: /Users/you/.ssh/yourfile) - Mac*
+>> `ssh-copy-id -p 2200 -i /Users/you/.ssh/yourfile grader@ip_addr`
+>> `ssh -p 2200 -i  /Users/you/.ssh/yourfile grader@ip_addr`
+
+> 6.  Login as root and run the seccond script
+>>$ `sudo su`
+>>$ `sh /src/shell/s1.sh`
+
+> 7. DONE! You should now have a working application everything set up.
+
+User Management
+----------------------
+Sources: [Askubuntu](http://askubuntu.com/questions/235084/how-do-i-remove-ubuntus-password-requirement), [DigitalOcean](https://www.digitalocean.com/community/tutorials/how-to-add-and-delete-users-on-an-ubuntu-14-04-vps)
+Key points *(done through: /shell/s1.sh lines: 21 -> 47  )*:
+
+> 1. A new user has been created.
+> 2. User "grader" can sudo to root and the password has been set securely.
+> 3. Remote users other then 'grader' have been disabled.
+> 4. "grader" sudo password has been disabled for convenience.
+
+Security / App Functionality Monitoring - Feedback
+-------------------------------------------------------------
+> 1. Key-based ssh has been enforced.
+> 2. SSH accessible over non-default port 2200.
+> 3. Applications have been updated to the most recent updates.
+> 4. The firewall has been configured to monitor for repeated unsuccessful attempts, appropriately bans attackers and provides automated security feedback.
+> 5. A monitoring software is installed to monitor system availability and status.
+
+Other Application Functionality
+------------------------------------
+> 1. Web-server has been dockerized for security and portability; configured to serve the provided application and has been configured to automatically restart in case of critical failure.
+> 2. Database Server has been dockerized for security, portability, has been configured to use a data volume for easy migrations, backups and restores.
+> > **Note: ** *Even though it looks like remote connections have been enabled for the database it is important to notice that the database is not actually accessible remotely from any machine unless it is a purposefully linked docker container. Technically by dockerizing the database server, another layer of security was added.*
+
+
+Other Security / Functionality Configurations
+-----------------------------------------------------
+> 1. Install ntp for better time synchronization
+> 
+
+
+Short Description of the System
+-------------------------------------
+
+
+
+Documents
+-------------
+
+StackEdit stores your documents in your browser, which means all your documents are automatically saved locally and are accessible **offline!**
+
+> **Note:**
+
+> - StackEdit is accessible offline after the application has been loaded for the first time.
+> - Your local documents are not shared between different browsers or computers.
+> - Clearing your browser's data may **delete all your local documents!** Make sure your documents are synchronized with **Google Drive** or **Dropbox** (check out the [<i class="icon-refresh"></i> Synchronization](#synchronization) section).
+
+#### <i class="icon-file"></i> Create a document
+
+The document panel is accessible using the <i class="icon-folder-open"></i> button in the navigation bar. You can create a new document by clicking <i class="icon-file"></i> **New document** in the document panel.
+
+#### <i class="icon-folder-open"></i> Switch to another document
+
+All your local documents are listed in the document panel. You can switch from one to another by clicking a document in the list or you can toggle documents using <kbd>Ctrl+[</kbd> and <kbd>Ctrl+]</kbd>.
+
+#### <i class="icon-pencil"></i> Rename a document
+
+You can rename the current document by clicking the document title in the navigation bar.
+
+#### <i class="icon-trash"></i> Delete a document
+
+You can delete the current document by clicking <i class="icon-trash"></i> **Delete document** in the document panel.
+
+#### <i class="icon-hdd"></i> Export a document
+
+You can save the current document to a file by clicking <i class="icon-hdd"></i> **Export to disk** from the <i class="icon-provider-stackedit"></i> menu panel.
+
+> **Tip:** Check out the [<i class="icon-upload"></i> Publish a document](#publish-a-document) section for a description of the different output formats.
+
+
+----------
+
+
+Synchronization
+-------------------
+
+StackEdit can be combined with <i class="icon-provider-gdrive"></i> **Google Drive** and <i class="icon-provider-dropbox"></i> **Dropbox** to have your documents saved in the *Cloud*. The synchronization mechanism takes care of uploading your modifications or downloading the latest version of your documents.
+
+> **Note:**
+
+> - Full access to **Google Drive** or **Dropbox** is required to be able to import any document in StackEdit. Permission restrictions can be configured in the settings.
+> - Imported documents are downloaded in your browser and are not transmitted to a server.
+> - If you experience problems saving your documents on Google Drive, check and optionally disable browser extensions, such as Disconnect.
+
+#### <i class="icon-refresh"></i> Open a document
+
+You can open a document from <i class="icon-provider-gdrive"></i> **Google Drive** or the <i class="icon-provider-dropbox"></i> **Dropbox** by opening the <i class="icon-refresh"></i> **Synchronize** sub-menu and by clicking **Open from...**. Once opened, any modification in your document will be automatically synchronized with the file in your **Google Drive** / **Dropbox** account.
+
+#### <i class="icon-refresh"></i> Save a document
+
+You can save any document by opening the <i class="icon-refresh"></i> **Synchronize** sub-menu and by clicking **Save on...**. Even if your document is already synchronized with **Google Drive** or **Dropbox**, you can export it to a another location. StackEdit can synchronize one document with multiple locations and accounts.
+
+#### <i class="icon-refresh"></i> Synchronize a document
+
+Once your document is linked to a <i class="icon-provider-gdrive"></i> **Google Drive** or a <i class="icon-provider-dropbox"></i> **Dropbox** file, StackEdit will periodically (every 3 minutes) synchronize it by downloading/uploading any modification. A merge will be performed if necessary and conflicts will be detected.
+
+If you just have modified your document and you want to force the synchronization, click the <i class="icon-refresh"></i> button in the navigation bar.
+
+> **Note:** The <i class="icon-refresh"></i> button is disabled when you have no document to synchronize.
+
+#### <i class="icon-refresh"></i> Manage document synchronization
+
+Since one document can be synchronized with multiple locations, you can list and manage synchronized locations by clicking <i class="icon-refresh"></i> **Manage synchronization** in the <i class="icon-refresh"></i> **Synchronize** sub-menu. This will let you remove synchronization locations that are associated to your document.
+
+> **Note:** If you delete the file from **Google Drive** or from **Dropbox**, the document will no longer be synchronized with that location.
+
+----------
+
+
+Publication
+-------------
+
+Once you are happy with your document, you can publish it on different websites directly from StackEdit. As for now, StackEdit can publish on **Blogger**, **Dropbox**, **Gist**, **GitHub**, **Google Drive**, **Tumblr**, **WordPress** and on any SSH server.
+
+#### <i class="icon-upload"></i> Publish a document
+
+You can publish your document by opening the <i class="icon-upload"></i> **Publish** sub-menu and by choosing a website. In the dialog box, you can choose the publication format:
+
+- Markdown, to publish the Markdown text on a website that can interpret it (**GitHub** for instance),
+- HTML, to publish the document converted into HTML (on a blog for example),
+- Template, to have a full control of the output.
+
+> **Note:** The default template is a simple webpage wrapping your document in HTML format. You can customize it in the **Advanced** tab of the <i class="icon-cog"></i> **Settings** dialog.
+
+#### <i class="icon-upload"></i> Update a publication
+
+After publishing, StackEdit will keep your document linked to that publication which makes it easy for you to update it. Once you have modified your document and you want to update your publication, click on the <i class="icon-upload"></i> button in the navigation bar.
+
+> **Note:** The <i class="icon-upload"></i> button is disabled when your document has not been published yet.
+
+#### <i class="icon-upload"></i> Manage document publication
+
+Since one document can be published on multiple locations, you can list and manage publish locations by clicking <i class="icon-upload"></i> **Manage publication** in the <i class="icon-provider-stackedit"></i> menu panel. This will let you remove publication locations that are associated to your document.
+
+> **Note:** If the file has been removed from the website or the blog, the document will no longer be published on that location.
+
+----------
+
+
+Markdown Extra
+--------------------
+
+StackEdit supports **Markdown Extra**, which extends **Markdown** syntax with some nice features.
+
+> **Tip:** You can disable any **Markdown Extra** feature in the **Extensions** tab of the <i class="icon-cog"></i> **Settings** dialog.
+
+> **Note:** You can find more information about **Markdown** syntax [here][2] and **Markdown Extra** extension [here][3].
+
+
+### Tables
+
+**Markdown Extra** has a special syntax for tables:
+
+Item     | Value
+-------- | ---
+Computer | $1600
+Phone    | $12
+Pipe     | $1
+
+You can specify column alignment with one or two colons:
+
+| Item     | Value | Qty   |
+| :------- | ----: | :---: |
+| Computer | $1600 |  5    |
+| Phone    | $12   |  12   |
+| Pipe     | $1    |  234  |
+
+
+### Definition Lists
+
+**Markdown Extra** has a special syntax for definition lists too:
+
+Term 1
+Term 2
+:   Definition A
+:   Definition B
+
+Term 3
+
+:   Definition C
+
+:   Definition D
+
+	> part of definition D
+
+
+### Fenced code blocks
+
+GitHub's fenced code blocks are also supported with **Highlight.js** syntax highlighting:
+
+```
+// Foo
+var bar = 0;
+```
+
+> **Tip:** To use **Prettify** instead of **Highlight.js**, just configure the **Markdown Extra** extension in the <i class="icon-cog"></i> **Settings** dialog.
+
+> **Note:** You can find more information:
+
+> - about **Prettify** syntax highlighting [here][5],
+> - about **Highlight.js** syntax highlighting [here][6].
+
+
+### Footnotes
+
+You can create footnotes like this[^footnote].
+  [^footnote]: Here is the *text* of the **footnote**.
+
+
+### SmartyPants
+
+SmartyPants converts ASCII punctuation characters into "smart" typographic punctuation HTML entities. For example:
+
+|                  | ASCII                        | HTML              |
+ ----------------- | ---------------------------- | ------------------
+| Single backticks | `'Isn't this fun?'`            | 'Isn't this fun?' |
+| Quotes           | `"Isn't this fun?"`            | "Isn't this fun?" |
+| Dashes           | `-- is en-dash, --- is em-dash` | -- is en-dash, --- is em-dash |
+
+
+### Table of contents
+
+You can insert a table of contents using the marker `[TOC]`:
+
+[TOC]
+
+
+### MathJax
+
+You can render *LaTeX* mathematical expressions using **MathJax**, as on [math.stackexchange.com][1]:
+
+The *Gamma function* satisfying $\Gamma(n) = (n-1)!\quad\forall n\in\mathbb N$ is via the Euler integral
+
+$$
+\Gamma(z) = \int_0^\infty t^{z-1}e^{-t}dt\,.
+$$
+
+> **Tip:** To make sure mathematical expressions are rendered properly on your website, include **MathJax** into your template:
+
+```
+<script type="text/javascript" src="https://cdn.mathjax.org/mathjax/latest/MathJax.js?config=TeX-AMS_HTML"></script>
+```
+
+> **Note:** You can find more information about **LaTeX** mathematical expressions [here][4].
+
+
+### UML diagrams
+
+You can also render sequence diagrams like this:
+
+```sequence
+Alice->Bob: Hello Bob, how are you?
+Note right of Bob: Bob thinks
+Bob-->Alice: I am good thanks!
+```
+
+And flow charts like this:
+
+```flow
+st=>start: Start
+e=>end
+op=>operation: My Operation
+cond=>condition: Yes or No?
+
+st->op->cond
+cond(yes)->e
+cond(no)->op
+```
+
+> **Note:** You can find more information:
+
+> - about **Sequence diagrams** syntax [here][7],
+> - about **Flow charts** syntax [here][8].
+
+### Support StackEdit
+
+[![](https://cdn.monetizejs.com/resources/button-32.png)](https://monetizejs.com/authorize?client_id=ESTHdCYOi18iLhhO&summary=true)
+
+  [^docker]: [Docker](https://docker.io) is a fun thing 
+  [^goo]:goo id fun
+  
+  [^stackedit]: [StackEdit](https://stackedit.io/) is a full-featured, open-source Markdown editor based on PageDown, the Markdown library used by Stack Overflow and the other Stack Exchange sites.
+
+
+  [1]: http://math.stackexchange.com/
+  [2]: http://daringfireball.net/projects/markdown/syntax "Markdown"
+  [3]: https://github.com/jmcmanus/pagedown-extra "Pagedown Extra"
+  [4]: http://meta.math.stackexchange.com/questions/5020/mathjax-basic-tutorial-and-quick-reference
+  [5]: https://code.google.com/p/google-code-prettify/
+  [6]: http://highlightjs.org/
+  [7]: http://bramp.github.io/js-sequence-diagrams/
+  [8]: http://adrai.github.io/flowchart.js/
+
+
+
diff --git a/shell/shscript.sh b/shell/shscript.sh
@@ -23,26 +23,30 @@ adduser --gecos "" grader
 
 # make a copy of the sudoers file to the temp /etc/sudoers.tmp
 cp /etc/sudoers /etc/sudoers.tmp
+# make a backup of the sudoers file
+cp /etc/sudoers /etc/sudoers.bak
 
 # change sudoers file
 # erase the root   ALL=(ALL) ALL
+# we're effectively removing root from sudo doers.
 word='root[[:space:]]*ALL=(ALL:ALL)[[:space:]]ALL'
 # Replace it with grader
 rep="grader     ALL=(ALL:ALL) NOPASSWD: ALL"
-
+# sed to execute this replacement.
 sed -i "s/${word}/${rep}/" /etc/sudoers.tmp
 
 # remove the necessity for password for sudo
 word='%sudo[[:space:]]*ALL=(ALL:ALL)[[:space:]]ALL'
 rep='%sudo ALL=(ALL:ALL) NOPASSWD: ALL'
-
 sed -i "s/${word}/${rep}/g" /etc/sudoers.tmp
 
+# move the sudoers file back
 mv /etc/sudoers.tmp /etc/sudoers
 
 # make the sudoers readonly
 chmod 0444 /etc/sudoers
 
+# change ssh configurations
 # make a backup of sshd_config
 cp /etc/ssh/sshd_config /etc/ssh/sshd_config.backup
 
