Skip to content

Latest commit

 

History

History
164 lines (101 loc) · 2.38 KB

README.md

File metadata and controls

164 lines (101 loc) · 2.38 KB

ksenz

git clone https://github.com/krobicon/ksenz git pull

OPEN MAIN DIR

cd ~/ksenz

ENABLE BUILD

chmod +x service-build.sh

RUN BUILD

./service-build.sh

OPEN BIN

cd ~/ksenz/bin

INSTALL IN BIN

./service-install.sh

UNINSTALL IN BIN

./service-uninstall.sh

Installation

This guide is written for Ubuntu. For other Linux flavors, adapt commands where needed.

(1) Allow Root Login

We'll ensure that the root user can login.

  1. Configure your root user password:
sudo passwd

See this page for more information on the root user.

(2) Enable Process Isolation

We'll ensure that non-root users are unable to see the project-ksenz service.

  1. Switch to the root user:
su
  1. Install dependencies:
apt install -y vim
  1. Open /etc/fstab with vim:
vim /etc/fstab
  1. Add the following line:
proc /proc proc defaults,nosuid,nodev,noexec,relatime,hidepid=1 0 0
  1. Reboot your system:
reboot
  1. Check that your non-root user cannot see root processes:
ps aux

See this page for more information on process isolation.

(3) Disable Process Tracing

We'll ensure that non-root users cannot use ptrace capabilities.

  1. Switch to the root user:
su
  1. Open /etc/sysctl.d/10-ptrace.conf with vim:
vim /etc/sysctl.d/10-ptrace.conf
  1. Change the kernel.yama.ptrace_scope value to 2:
kernel.yama.ptrace_scope = 2
  1. Reboot your system:
reboot
  1. Check that the ptrace_scope is set to 2:
sysctl kernel.yama.ptrace_scope

See this page for more information on process tracing.

(4) Install .NET

We'll ensure that project-ksenz can be compiled with .NET.

  1. Switch to the root user:
su
  1. Add the Microsoft package repositories:
  1. Install .NET 6.0:
apt update && apt install -y dotnet-sdk-6.0

(5) Build Service

We'll build project-ksenz, so we can register it as a service:

  1. Switch to root user:
su
  1. Open the /root directory:
cd ~
  1. Install dependencies:
apt install -y git