Introduction
Libellux: Up & Running provides documentation on how-to install open-source software from source. The focus is Zero Trust Network to enhance the security for existing applications or install tools to detect and prevent threats.
DISCLAIMER
It is understood that this documentation, and any configurations may contain errors and are provided for education purposes only. The documentation, and any configurations are provided "as is" without warranty of any kind, whether express, implied, statutory, or otherwise.
Credits
Role | Names |
---|---|
Lead Authors: | Fredrik Hilmersson @libelluxopen in new window |
Contributors: | Damir Kucic @dkucicopen in new window |
Reviewers: | Scott Shinn @atomicturtleopen in new window, Cornelius Kölbel @cornelinuxopen in new window, Adam Hilmersson @cnstaopen in new window, Björn Ricks @bjoernricksopen in new window |
Supporters: | HyperQubeopen in new window, Atomi Systemsopen in new window, Mullvad VPNopen in new window, JetBrainsopen in new window |
Conventions
Type | Convention | Description |
---|---|---|
Environment | server@ubuntu | Suffix determine operating system |
Server CLI | server@rocky | Commands executed from server command-line |
Client CLI | client@ubuntu | Commands executed from client command-line |
Server IP | 192.168.0.1 | Server IP address |
Client IP | 192.168.0.2 | Client IP address |
VPN server | 192.168.8.1 | WireGuard VPN server IP address |
VPN client | 192.168.8.2 | WireGuard VPN client IP address |
Table of contents
PART 1: ZERO TRUST NETWORK
- 1.0: WireGuard Secure VPN Tunnel stable
- 1.1: Two-factor authentication w/ privacyIDEA and YubiKey stable
- 1.2: Universal 2nd Factor with YubiKey incomplete
PART 2: INTRUSTION DETECTION AND PREVENTION
- 2.0: OSSEC Host Intrusion Detection System stable
- 2.1: PSAD Intrusion Detection with Log Analysis stable
- 2.2: Greenbone Vulnerability Manager stable
- 2.3: Snort Network Intrusion Detection & Prevention System TBA
- 2.4: ClamAV Antivirus Server stable
PART 3: MONITORING AND MANAGEMENT
- 3.0: AWX Ansible Tower TBA
- 3.1: M/Monit System Monitoring stable
- 3.2: Performance Co-Pilot Grafana incomplete
- 3.3: Rsyslog Log Processing incomplete
- 3.4: Graylog Centralized Log Management incomplete
Feedback
Questionsopen in new window, commentsopen in new window, or problemsopen in new window regarding this service? Create an issue hereopen in new window or contact webmaster@libellux.com.
Road map
To follow the process and prioritization check out the project road mapopen in new window. Feel free to create a feature requestopen in new window if there's any documentation or software you would like us to cover.
Release notes
Libellux: Up and Running changelog (1.1.0) fredrik@libellux.com
Release Maintainers
Fredrik Hilmersson @libelluxopen in new window
Contributors on this release
Cornelius Kölbel @cornelinuxopen in new window
Scott Shinn @atomicturtleopen in new window
Adam Hilmersson @cnstopen in new window
Release notes
Special thanks on this release go out to:
- HyperQubeopen in new window for providing their great software to replicate entire cloud networks with the click of a button.
- Atomi Systemsopen in new window for giving access to their powerful screen recording software ActivePresenter.
- Mullvad VPNopen in new window letting us use their fast, trustworthy and easy-to-use VPN with a focus on privacy.
- Cornelius Kölbel @cornelinuxopen in new window from NetKnightsopen in new window.
This is the first minor release of Libellux: Up and Running. Where we start combining the services to enhance the security in the Zero Trust Network. We added documentation how-to set up a virtual private network (VPN) using WireGuard. privacyIDEA will act as our central authentication server to both enforce two-factor authentication (using YubiKey 5 NFC) but also to apply an role-based access control (RBAC) approach. We also added a new section on how-to set up a server/client relationship with ClamAV Antivirus. Additionally we added the possiblity to comment using Gitalk.
What's New:
Two-factor authentiction w/ PrivacyIDEA FreeRADIUS plugin and YubiKey 5 NFC
Greenbone Vulnerability Manager (GVM) revision 5 w/ update for latest GVM release (21.04)
WireGuard Secure VPN Tunnel
ClamAV Antivirus Server
Scheduled jobs for GVM 21.04 to keep community feed up-to-date
Comments with Gitalk
Prior releases
Libellux: Up and Running changelog (1.0.1) fredrik@libellux.com
Release Maintainers
Fredrik Hilmersson @libelluxopen in new window
Contributors on this release
Scott Shinn @atomicturtleopen in new window
Adam Hilmersson @cnstaopen in new window
Release notes
The second release of Libellux: Up and Running mostly contain updates to already existing chapters. There is a few new additions to each chapter e.g. Agentless monitoring and Windows Server 2019 agent installation for OSSEC. The OpenVAS chapter has also been revised and updated with new features such as basic vulnerability scans to give a first hands-on experience. We've also completed the first revision for M/Monit System Monitoring.
What's New:
M/Monit System Monitoring (3.7.5) with Monit (5.27.0)
Agentless monitoring chapter to OSSEC Host Intrusion Detection (3.6.0)
Windows Server 2019 agent installation (OSSEC 3.6.0)
Basic authenticated and unauthenticated scan to OpenVAS Vulnerability Scanner (OpenVAS 20.08)
Libellux: Up and Running changelog (1.0.0) fredrik@libellux.com
Release Maintainers
Fredrik Hilmersson @libelluxopen in new window
Contributors on this release
Damir Kucic @dkucicopen in new window
Scott Shinn @atomicturtleopen in new window
Adam Hilmersson @cnstaopen in new window
Zeny Palac @doczenzenopen in new window
Falk @falkowichopen in new window
Release notes
This is the first release of Libellux: Up and Running. The initial release contain documentation and configuration for the software specified below (see What's New). Libellux: Up and Running is a collection of personal notes and documentation regarding open-source software configuration. The focus is to build a so called Zero Trust Network using a central authentication server to enhance the security for our existing applications. We will manage our network using an open-source software tool for provisioning and configuration management to automate and speed up productivity.
What's New:
OSSEC Host Intrusion Detection (3.6.0)
PSAD Intrusion Detection (2.4.6)
OpenVAS Vulnerability Scanner (OpenVAS 20.08, Atomicorp 20.08)