The HendGrow Minecraft Experiment This is a quick tutorial on how to connect and play on our open Minecraft server. Keep in mind this is open Anarchy / Survival server. This means that anything goes in regards to playing on this server.
The Minecraft server will be available for the foreseeable future dependant on demand.
Minecraft: https://www.minecraft.net/en-us/store/minecraft-java-edition
(Including Apple Time Machine Support, Enabling Network Backups)
Walk-through of how to install a NAS based on (OMV) openmediavault on a Raspberry Pi. Best features for us is the ability to create a SMB share that has Apple Time Machine support. This enables us to backup all our Mac machines 🖥 / 💻 using time machine to the network. No more usb drives.
Walk Through Guide – https://hendgrow.com/ugs/RaspberryPi_OMV_WT.pdf
—INSTALL START—
Walk-through of how to install a NAS based on (OMV) openmediavault on a Raspberry Pi. Best features for us is the ability to create a SMB share that has Apple Time Machine support. This enables us to backup all our Mac machines 🖥 / 💻 using time machine to the network. No more usb drives.
Software:
Raspbian: https://www.raspberrypi.org/software/
Openmediavault: https://github.com/OpenMediaVault-Plugin-Developers
Commands:
$ sudo raspi-config
$ sudo apt-get update
$ sudo apt-get upgrade
$ wget https://github.com/OpenMediaVault-Plugin-Developers/installScript/raw/master/install
$ chmod +x install
$ sudo ./install
—INSTALL END–
Walk-through of how to install NAS based on (OMV) openmediavault. We use this as it is simple to get up and running and use. Best feature for us is the ability to create a SMB share that has Apple Time Machine support. This enables us to backup all our Mac machines 🖥 / 💻 using time machine to the network. No more usb drives.
URL for openmediavault download – https://www.openmediavault.org/download.html
—Start Here—
Update the system.
Assuming you have an existing Ubuntu server setup.Â
sudo apt update && sudo apt upgrade
Install some base applications
sudo apt install -y php php-cli php-common libapache2-mod-php apache2-utils sendmail inotify-tools apache2 build-essential gcc make wget tar zlib1g-dev libpcre2-dev libpcre3-dev unzip libz-dev libssl-dev libpcre2-dev libevent-dev build-essential
Enable rewrite, Apache & Start Apache.
sudo systemctl enable apache2
sudo systemctl start apache2
sudo a2enmod rewrite
sudo systemctl restart apache2
OSSEC Server Install
wget https://github.com/ossec/ossec-hids/archive/3.6.0.tar.gz
sudo tar -xvzf 3.6.0.tar.gz
sudo /home/hgadmin/ossec-hids-3.6.0/install.sh
Note: Provide your preferred input as prompted. For the demo we opted for the below:
Input your servers IP address or hostname (FQDN)
Installing the Web User Interface.
cd /tmp/
sudo git clone https://github.com/ossec/ossec-wui.git
sudo mv /tmp/ossec-wui /var/www/html
cd /var/www/html/ossec-wui
When prompted enter your chosen username and password. For the web server name enter www-data.
Set the permissions
sudo chown -R www-data:www-data /var/www/html/ossec-wui/
sudo chmod -R 755 /var/www/html/ossec-wui/
Restart Apache and launch Web User Interface
sudo systemctl restart apache2
Open a web browser and navigate to http://your-servers-ip/ossec-wui
Windows Agent Install
Download the OSSEC agent from – https://updates.atomicorp.com/channels/atomic/windows/ossec-agent-win32-3.6.0-12032.exe
Open the command prompt and ssh to your ossec server.
ssh hgadmin@192.168.68.123
Launch the OSSEC Agent Manager once connected to your server.
sudo /var/ossec/bin/manage_agents
Input option (A) to add a new agent. Input your windows machines name when prompted.
Input the windows machines IP when prompted and confirm adding with responding (y)
On the target Windows desktop. Launch the executable agent file you have downloaded as administrator. Should be in your downloads folder.
Open the OSSEC agent as administrator that you installed and enter the IP address of your OSSEC server.
Open the command prompt window that you used to ssh to the OSSEC server. Extract the Key by inputting option (e) and then the corresponding Agent ID for the windows machine in the OSSEC Agent Manager that should still be open.
Highlight and copy the key, update the OSSEC Agent. Save the updated info and start the OSSEC Agent.
Open your web browser and navigate to your OSSEC Servers IP and specific port if you set one.
—– Guide Ends Here —–
During this walk-through we will demonstrate how in download and install QRadar CE 7.3.3. via the OVA file provided by IBM. QRadar CE is a fully-featured free version of QRadar that includes a limited 50 events per second (EPS) & 5000 network flows a minute (FPS) perpetual license. It is the perfect solution to start learning QRadar or use it to monitor your home network.
*Q1 LABS, QRADAR and the ‘Q’ Logo are trademarks or registered trademarks of IBM Corp. Trademarks and related content are owned by their respective companies / owners.
—START—
QRadar 733 Steps
1. Download the OVA from – https://developer.ibm.com/qradar/ce/
2. Double click on the OVA file you just downloaded to kick of the import to VirtualBox.
3. Initial login. User = root. / Password = password
4. When prompted enter your chosen password and confirm for the password change.
5. Type in ./setup.sh to kick off the install.
6. Accept the terms by pressing Enter.
7. Enter password of your choice for the web interface.
8. Open a compatible web browser and input the IP of your QRadar CE Server, In our example – “https://192.168.68.141”
Urls used
https://developer.ibm.com/qradar/ce/
—END—
—START HERE—
Follow this guide to install and start securing MariaDB on Ubuntu desktop 20.04.
sudo apt-get update
sudo apt-get install mariadb-server
sudo mysql_secure_installation
Press Enter
You will be prompted to set a root password. Input Y and input the new password for root and validate it.
The Next prompt will ask if you want to remove anonymous users. Input Y
Prompt will request input to disallow remote root login. Input Y
Prompt will request input to remove the test database and access. Input Y
Last prompt will request input to reload the privilege tables. Input Y
Login to the MariaDB server and confirm its running.
sudo mariadb
Enter the password you decided on for root during the first prompt.
Create user to access DB other than root.
GRANT ALL PRIVILEGES ON *.*Â TO ‘sqladmin’@’localhost’ IDENTIFIED BY ‘password_here’;
quit;
End
You should always harden your servers.
Some useful links:
Secure your MariaDB installation – https://mariadb.com/kb/en/securing-mariadb/
Ubuntu Security and Server hardening – https://ubuntu.com/security
This walk-through guides you through the process of Installing the world class, industry tested ticket system known as Request Tracker or RT. We start with a solid Ubuntu 20.04 base as the server combined with Perl, MariaDB for the Database and Apache2 as the web server.
To setup Request Tracker with email
—Install Guide Starts Here—
ssh to the Ubuntu server you have provisioned. Ubuntu 20.04 was used for this walkthrough.
ssh username@your_servers_ip
1.1 Ensure the system is up to date.
sudo apt-get update
1.2 Install some system base packages
sudo apt install build-essential apache2 libapache2-mod-fcgid libssl-dev libexpat1-dev libmysqlclient-dev libcrypt-ssleay-perl liblwp-protocol-https-perl mariadb-server mariadb-client
1.3 Installing some Perl modules
sudo /usr/bin/perl -MCPAN -e shell
1.3.1 When prompted with the below, input yes then q to quit
1.3.2 Installing the required Perl modules
sudo cpan install HTML::FormatText HTML::TreeBuilder HTML::FormatText::WithLinks HTML::FormatText::WithLinks::AndTables DBD::mysql LWP::Protocol::https
2. General RT5 Installation
2.1 Download and unpack the RT5 tar file to a temporary location.
Check for the latest version here – https://download.bestpractical.com/pub/rt/release/
wget https://download.bestpractical.com/pub/rt/release/rt-5.0.1.tar.gz
2.2 Extract / unpack the file to /tmp and run the ./configure script provided.
tar xzvf rt-5.0.1.tar.gz -C /tmp
cd /tmp/rt-5.0.1/
sudo ./configure
2.3 Ensure the required Perl and system libraries are installed with the command below.
sudo make testdeps
2.2.1 If the script reports any missing dependencies as shown image Image-1 below run the fixdeps command.
sudo make fixdeps
2.2.3 During our demo install we were promoted with the following three questions as shown in Image-3 while running the fixdeps script. We opted to answer yes.
Once the fixdeps script is complete, validate all dependencies are present by running the testdeps script to confirm. If successful you should see similar out put as Image-3 below
sudo make testdeps
2.3 Run the make install with appropriate permissions to install RT5
sudo make install
3 Initialise the Database for RT5
sudo make initialize-database
It will prompt you for a password. just press return/enter key.
Note: Only if the initialization fails run make dropdb and then re-run make initialize-database.
Once completed successfully you should see same result as shown in Image-4
3.1.1 Change the default password for the RT database user. (We recommend for production systems to also change the user.)
sudo mysql -u root -p
It will prompt you for a password. just press return/enter key.
ALTER USER 'rt_user'@'localhost' IDENTIFIED BY 'your_new_rt_pass';
commit;
quit;
Although not covered in this guide, we recommend securing your MariaDB. Start with running the below script to setup up a min baseline.
sudo mysql_secure_installation
3.1.2 Update the RT_Config.pm config to reflect our password change we did for the RT database user rt_user.
sudo vi /opt/rt5/etc/RT_Config.pm
Edit the section as shown in Image-6 below
3.2 Confirm we have a working RT instance running with the standalone rt-server.
sudo /opt/rt5/sbin/rt-server --port 8080
3.2.1 Open your web browser and navigate to your servers ip or FQDN and port 8080. For our demo server it is http://135.181.98.216:8080/. You should see the login page.
4. Configure RT5 to work with the Apache2 web server
4.1 Create a RT5 sites-available configuration file.
sudo vi /etc/apache2/sites-available/rt5.conf
4.2 Populate the file you just created with the information below or pull it from: https://hendgrow.com/gitp/RT5/rt5.conf
4.3 Edit the apache2.conf file and add information as shown in apache2.conf or pull it from: https://hendgrow.com/gitp/RT5/RT5_apache2.conf_add.txt
sudo vi /etc/apache2/apache2.conf
5. Enable the RT5 site
5.1 Enable the RT5 site
sudo a2ensite rt5
5.2 Disable the default site
sudo a2dissite 000-default
5.3 Restart Apache
sudo systemctl restart apache2
5.4 Open your web browser and navigate to your servers ip or FQDN. For our demo server it is http://135.181.98.216. You should see the login page. You should see the login page as shown in Image-7.
NOTE: The default credentials for RT5 are: User: root | Password: password Your first step once logged in is to change the root password! It is a SECURITY risk! The next step should be to setup https for this site using letsencrypt for example.
—End—
Other Topics added from YouTube comments and support@hendgrow.com
How to remove the “Possible cross-site request forgery” RT message when creating tickets or making changes via the WUI etc.
Edit the RT_SiteConfig.pm add an additional line to indicate your Webdomain either IP or FQDN.
Example below:
sudo vi /opt/rt5/etc/RT_SiteConfig.pm
Set( $WebDomain, 'your-servers-ip' );
Restart Apache
sudo systemctl restart apache2
There still allot to do, like configuring an RT email gateway, task scheduler, full text search and general system security etc. That’s potentially for a future guide should there be demand. This guide does not cover server / application hardening and security as it is a broad topic and not the aim of this guide. You should always harden your servers by default! Some useful links:
Secure your MariaDB installation – https://mariadb.com/kb/en/mysql_secure_installation/
Apache2 Security Tips – https://httpd.apache.org/docs/2.4/misc/security_tips.html
Ubuntu Security and Server hardening – https://ubuntu.com/security
Consider subscribing if you found this valuable! youtube.com/HendGrow
During this walk-through we will guide you on how to install a web based POS and ecommerce solution that can be used to sell your goods via your physical and online stores from the same backend. If you don’t have a WordPress base to start with follow the links below. (This was done as a response to a request by on of our subscribers)
How to install the WordPress base server: https://youtu.be/vvOES877BAM How to secure your WordPress Server: https://youtu.be/XocAaMKuQ_k
In this walk-through we will install all the components needed to run WordPress on your own local or cloud Ubuntu 20.04 server. This video was done as a response to a direct request.
Installation of ubuntu server Raspberry Pi
ssh to the linux server you have provisioned. We used Ubuntu 20.04 for this walk-through.
We will install Apache, MariaDB, PhP7.4 and WordPress.
ssh root@95.217.222.229
sudo apt-get update
sudo apt-get install apache2 apache2-utils
sudo systemctl enable apache2
sudo systemctl start apache2
Test apache works by navigating to your servers Ip with a web browser. You should see the below
sudo apt-get install mariadb-server mariadb-client
Set the root password for the Database Server
sudo mysql_secure_installation
Enter current password for root (enter for none): (Press Enter)
Enter your new password and confirm
Remove anonymous users? [Y/n] Y
Disallow root login remotely? [Y/n] Y
Remove test database and access to it? [Y/n] Y
Reload privilege tables now? [Y/n] Y
sudo apt-get install php7.4 php7.4-mysql php7.4-cli php7.4-cgi php7.4-gd libapache2-mod-php7.4
To test create a file called info.php
sudo vi /var/www/html/info.php
Add the following to the file:
Test php works by navigating to your servers Ip with a web browser. In our case it was http://95.217.222.229/info.php
You should see the below:
First we need to get the latest WordPress files.
sudo wget -c http://wordpress.org/latest.tar.gz
Extract the files
sudo tar -xzvf latest.tar.gz
Move the WordPress files to /var/www/html
sudo rsync -av wordpress/* /var/www/html/
Set file / directory permissions
sudo chown -R www-data:www-data /var/www/html/
sudo chmod -R 755 /var/www/html/
login to the MariaBD server with the user root and the password you entered earlier.
mysql -u root -p
CREATE DATABASE wp_pos;
GRANT ALL PRIVILEGES ON wp_pos.* TO 'wpposuser'@'localhost' IDENTIFIED BY 'your_DB_password_here';
FLUSH PRIVILEGES;
EXIT;
Navigate to /var/www/html/
cd /var/www/html/
sudo cp wp-config-sample.php wp-config.php
vi /var/www/html/wp-config.php
Enter the relevant details as seen below:
We now need to rename the default Apache index file so the wordpress one is the active one.
mv index.html index.html.old
Restart apache and Database to ensure the new configs are being use.
sudo systemctl restart apache2.service
sudo systemctl restart mysql.service
Test WordPress is ready for initial install navigating to your servers Ip with a web browser. you should see the following:
If you see the page click on “Continue”. You should be presented with the page below. Complete the details and click “Install WordPress”
Once the installation is complete login with the credentials you have just provided.
If your login is successful. You will be presented with the screen shown below. Your WordPress site is now up and running!
We walk-through how to build your own Minecraft server & run it for under €10 a month. This video was inspired by one of our kids that required a Minecraft server to play on with friends.
We have hosted the following open Minecraft server should you want to test before building.
Note: The aim is to show you how to build a minecraft server. What we don’t cover in this setup is how to secure the server. Highly recommend that you always follow industry security & hardening standards.
Steps. PDF or follow below.
We walk-through how to build your own Minecraft server & run it for under €10 a month. This video was inspired by one of our kids that required a Minecraft server to play on with friends.
We have hosted the following open Minecraft server should you want to test before building. https://hendcraft.com/hcaws/
Note: The aim is to show you how to build a minecraft server. What we don’t cover in this setup is how to secure the server. Highly recommend that you always follow industry security & hardening standards.
–Start–
URL’s used
Hetzner Cloud – https://accounts.hetzner.com/login
Minecraft Server Download – https://www.minecraft.net/en-us/download/server/
–Steps–
ssh root@your-server-ip
apt-get update
apt-get upgrade
apt-get install openjdk-14-jdk
java –version
cd /opt
mkdir minecraft
cd /opt/minecraft
wget https://launcher.mojang.com/v1/objects/a412fd69db1f81db3f511c1463fd304675244077/server.jar
apt-get install screen
cd /opt/minecraft
java -Xmx2GB -Xms1G -jar server.jar -nogui
vi eula.txt. (Update the line “eula=false to eula=true“)
cd /opt/minecraft
java -Xmx2GB -Xms1G -jar server.jar -nogui