Differences

This shows you the differences between two versions of the page.

--- lab:fah_removal [2023/05/01 15:52] – [Server Setup] user
+++ lab:fah_removal [2023/05/06 23:02] (current) – replaced user
@@ Line 1: / Line 1: @@
-====== FAH Removal ======
-In our previous step we [[fah_installation|set up FAH]] on our [[Stack of NUCs]].
-Now we are going to disable the service and uninstall it. In the last step there was an optional step to "finish folding". Bonus points for doing this.
-Purpose:
-  * Demonstrate stopping and removing an installed service workload
-====== Step 1 - Connect to the Ansible Control Node ======
-From [[stack - nuc 1|NUC 1]], log in to the Ansible control node, [[stack - nuc 2|NUC 2]].
-====== Step 2 - Create the Playbook ======
-Create the file /home/ansible/my-project/fah/removefah.yml
-<file yaml removefah.yml>
----
-- hosts: all
-  become: true
-  become_user: root
-  tasks:
-    - name: Stop and disable FAHClient.service
-      ansible.builtin.service:
-        name: FAHClient.service
-        state: stopped
-        enabled: false
-    - name: Remove fahclient package
-      apt:
-        name: fahclient
-        state: absent
-        clean: true
-        purge: true
-    - name: Reboot
-      reboot:
-</file>
-====== Step 3 - Test the Playbook ======
-''ansible-playbook removefah.yml''
-====== Next Step ======
-Now that we have removed the CPU-hungry FAH service, we go next to [[Install Kubernetes|installing Kubernetes]].
-====== Optional ======
-Cyber security students may want to deploy hashtopolis in the Lab. This deploys a distributed hashcat cluster for brute forcing password hashes.
-===== Hashtopolis =====
-References:
-  * [[https://jakewnuk.com/posts/hashtopolis-infrastructure/]]
-  * [[https://github.com/peterezzo/hashtopolis-docker]]
-There are two pieces to set up:
-  * server - central server distributes the keyspace of a task, aggregates jobs, and collects results in MySQL database
-    * communicates over HTTPS with client machines
-    * passes over files, binaries and task commands
-  * clients - acts on the commands, executes the hash cracking application, and report "founds" to the server
-==== Start a folder for hashtopolis ====
-  - Log in to the Ansible control node (NUC 2)
-  - Create directory ''/home/ansible/my-project/hashtopolis'' change to it
-    * ''mkdir hashtopolis''
-    * ''cd hashtopolis''
-  - Create the inventory, putting one of the worker nodes in the [server] section and the rest in the [clients] section
-    * ''/home/ansible/my-project/hashtopolis/inventory''
-    * <file yaml inventory>
-[all:vars]
-ansible_python_interpreter=/usr/bin/python3
-ansible_user='ansible'
-ansible_become=true
-ansible_become_method=sudo
-[server]
-[clients]
-</file>
-  - Create the ansible.cfg file
-    * ''/home/ansible/my-project/hashtopolis/ansible.cfg''
-    * <file yaml ansible.cfg>
-[defaults]
-inventory = inventory
-</file>
-==== Server Setup ====
-Server runs a LAMP stack
-<file yaml testing-server-build.yml>
----
-- hosts: master
-  vars:
-    my_sql_root_password: "my_sql_root_password"
-    app_user: "sammy"
-    http_host: "your_domain"
-    http_config: "your_comain.conf"
-    http_port: "80"
-    disable_default: true
-    hashtopolis_password: "my_hastopolis_password"
-  tasks:
-    - name: Install prerequisites
-      apt: name={{ item }} update_cache=yes state=latest force_apt_get=yes
-      loop: [ 'aptitude', 'git', 'phpmyadmin' ]
-  #Apache Configuration
-    - name: Install LAMP Packages
-      apt: name={{ item }} update_cache=yes state=latest
-      loop: [ 'apache2', 'mysql-server', 'python3-pymysql', 'php', 'php-mysql', 'libapache2-mod-php' ]
-    - name: Create document root
-      file:
-        path: "/var/www/{{ http_host }}"
-        state: directory
-        owner: "{{ app_user }}"
-        mode: '0755'
-    - name: Set up Apache virtualhost
-      template:
-        src: "apache.conf.j2"
-        dest: "/etc/apache2/sites-available/{{ http_conf }}"
-      notify: Reload Apache
-    - name: Enable new site
-      shell: /usr/sbin/a2ensite {{ http_conf }}
-      notify: Reload Apache
-    - name: Disable default Apache site
-      shell: /usr/sbin/a2dissite 000-default.conf
-      when: disable_default
-      notify: Reload Apache
-  # MySQL Configuration
-    - name: Sets the root password
-      mysql_user:
-        name: root
-        password: "{{ mysql_root_password }}"
-        login_unix_socket: /var/run/mysqld/mysqld.sock
-    - name: Removes all anonymous user accounts
-      mysql_user:
-        name: ''
-        host_all: yes
-        state: absent
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-    - name: Removes the MySQL test database
-      mysql_db:
-        name: test
-        state: absent
-        login_user: root
-        login_password: "{{ mysql_root_password }}"
-    - name: Create new databases
-      community.mysql.mysql_db:
-        name:
-          - hashtopolis
-    - name: Sets the hashtopolis password
-      mysql_user:
-        name: hashtopolis
-        password: "{{ hashtopolis_password }}"
-        priv="hashtopolis.*:ALL"
-        state: present
-  # UFW Configuration
-    - name: "UFW - Allow HTTP on port {{ http_port }}"
-      ufw:
-        rule: allow
-        port: "{{ http_port }}"
-        proto: tcp
-  # PHP Info Page
-    - name: Sets Up PHP Info Page
-      template:
-        src: "info.php.j2"
-        dest: "/var/www/{{ http_host }}/info.php"
-    - name: secure mysql
-      command: mysql_secure_installation
-    - name: Clone a github repository
-      git:
-        repo: https://github.com/s3inlc/hashtopolis.git
-        dest: /home/ansible/repos/
-        clone: yes
-        update: yes
-    - name: create folder /var/www/hashtopolis
-    - name: copy hastopolis/src/* to /var/www/hashtopolis
-    - name: chown -R www-data:www-data /var/www/hashtopolis
-    - name: php.ini tweaking
-    - name: remove install directory /var/www/hashtopolis/install
-  handlers:
-    - name: Reload Apache
-      service:
-        name: apache2
-        state: reloaded
-    - name: Restart Apache
-      service:
-        name: apache2
-        state: restarted
-</file>
-open web browser, installation gui; auth into sql account
-  * serve hostname: localhost
-  * server port: 3306
-  * mysql user: hashtopolis
-  * mysql password: my_hastopolis_password
-  * database name: hashtopolis
-additional configuration required
-==== Agent Setup ====
-<code>
-# ensure the machine is up to date and install python packages
-sudo apt update
-sudo apt -y full-upgrade -y
-pip3 install requests
-pip3 install psutil
-# install nvidia and cuda drivers
-sudo apt install -y nvidia-driver nvidia-cuda-toolkit
-# verify install (should both show nvidia drivers)
-nvidia-smi
-lspci | grep -i vga
-# verify with hashcat
-hashcat -I
-# fetch the agent file from the server
-curl http://DOMAIN.TLD/agents.php?download=1 -o agent.zip
-python3 agent.zip
-</code>