- Use Cloudflare Tunnels to securely expose the database to the public internet
# Insecure Exposition Implementation Design
## Idea 1: Use Cloud VM to Detect Scanning and Show Use in the Wild
- Implementing ubuntu on Linode
- Load previous technology onto the server, but leave the services wide open
- Watch the scans come in with some other tooling
## Idea 2: Use an Ubuntu VM on Local Machine
- Get Ubuntu VM
- Load docker and the database technology
- Run Zenmap from local machine
# Showing Insecure Exposition with Ubuntu VM
## Setup VMware Workstation Player
1. Download & Install - [Download VMware Workstation Player | VMware](https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html)
2. Put the iso file into the VMware Workstation "new virtual machine" workflow
1. 
3. Make sure to have 25 GB disk space, 4 GB RAM, and 2 cores (at least)
4. Start the VM
## Setup Environment on Ubuntu VM
### Make sure the VM is in "bridged" Networking Mode
1. 
2. 
### Ubuntu Remote Access
#### Setup SSH on Ubuntu
- [How to Enable SSH on Ubuntu - Pi My Life Up](https://pimylifeup.com/ubuntu-enable-ssh/)
Install SSH server for Ubuntu:
```bash
sudo apt install openssh-server
```
Verify SSH server is running (run if not running - 2nd command):
```
sudo systemctl status ssh
sudo systemctl start ssh
```
Get IP to Connect:
```
hostname -I | cut -d '' -f1
```
Enable Password Authentication:
- [configuration - How can I allow SSH password authentication from only certain IP addresses? - Ask Ubuntu](https://askubuntu.com/questions/101670/how-can-i-allow-ssh-password-authentication-from-only-certain-ip-addresses)
- [How to Enable SSH Password Authentication - ServerPilot](https://serverpilot.io/docs/how-to-enable-ssh-password-authentication/)
```
nano /etc/ssh/sshd_config
```
Reset the SSH service:
```
service ssh reload
```
#### SSH Into Ubuntu Server
On client terminal, run:
```
ssh
[email protected]
```
### Connection Parameters
username:
```
cybersader
```
IP:
```
192.168.1.88
```
### Install Docker and Setup Containers in Ubuntu with Portainer
#### Docker Install in Ubuntu
- [Portainer Install Ubuntu tutorial - manage your docker containers - YouTube](https://www.youtube.com/watch?v=ljDI5jykjE8)
- [Happy Pi Day with Docker and Raspberry Pi | Docker](https://www.docker.com/blog/happy-pi-day-docker-raspberry-pi/)
- [Install Docker Engine on Ubuntu | Docker Docs](https://docs.docker.com/engine/install/ubuntu/)
- [Linux post-installation steps for Docker Engine | Docker Docs](https://docs.docker.com/engine/install/linux-postinstall/)
- [How To Install Docker on Ubuntu 20.04 and 22.04](https://phoenixnap.com/kb/install-docker-on-ubuntu-20-04)
- Make sure to upgrade and update
```bash
sudo apt update
sudo apt upgrade
```
1. Install Preqrequisites
```bash
sudo apt-get install apt-transport-https ca-certificates software-properties-common -y
```
2. Download and Install Docker
```bash
curl -fsSL https://get.docker.com -o get-docker.sh
sh get-docker.sh
```
- No curl?
- `sudo apt install curl`
3. Give 'pi' user the ability to run Docker
```bash
sudo usermod -aG docker cybersader
```
```bash
newgrp docker
```
Might not need 4 & 5 based on Ubuntu install - [Install Docker Engine on Ubuntu | Docker Docs](https://docs.docker.com/engine/install/ubuntu/)
4. Import Docker CPG key.
```bash
sudo curl https://download.docker.com/linux/raspbian/gpg
```
5. Setup the Docker Repo.
```bash
vim /etc/apt/sources.list
```
add the following line and save
```
deb https://download.docker.com/linux/raspbian/ stretch stable
```
6. Patch and update your Pi.
```bash
sudo apt-get update
```
```bash
sudo apt-get upgrade
```
To make annoying message go away - ["Newer kernel available" annoying message whenever apt run - Raspberry Pi Forums](https://forums.raspberrypi.com/viewtopic.php?t=264051)
```bash
sudo apt install --reinstall raspberrypi-kernel raspberrypi-bootloader
```
7. Start the Docker service.
```bash
sudo service docker start
systemctl start docker.service
```
8. Verify Docker is running.
```bash
sudo systemctl status docker
docker info
```
#### Setup Portainer
- [Install Portainer CE with Docker on Linux - Portainer Documentation](https://docs.portainer.io/start/install-ce/server/docker/linux)
- [Portainer Install Ubuntu tutorial - manage your docker containers - YouTube](https://www.youtube.com/watch?v=ljDI5jykjE8&list=PLAo444udA0qyan41bUMRNrH1idRk3GsrV&index=13&t=147s) -- 2 years old
- [How to Install Portainer on Ubuntu 22.04 - LinuxTuto](https://www.linuxtuto.com/how-to-install-portainer-on-ubuntu-22-04/) -- May 2023
- [Installing Portainer to the Raspberry Pi - Pi My Life Up](https://pimylifeup.com/raspberry-pi-portainer/) -- September 2023
##### Download and Install Portainer
Below is done in SSH terminal connected to Raspberry Pi:
1. Do your Linux updates
```bash
sudo apt-get update && sudo apt-get upgrade
```
2. Make sure Docker is working
```bash
systemctl status docker
```
3. Install Portainer
```bash
docker pull portainer/portainer-ce:latest
```
4. Run Portainer & Define Other Parameters
- Tell it where to store the data used by the container
- Let Portainer have access to port 9000
- Assign container name "portainer" to make it easy to identify
- Restart always to restart it if it goes offline
```bash
sudo docker run -d -p 9000:9000 --name=portainer --restart=always -v /var/run/docker.sock:/var/run/docker.sock -v portainer_data:/data portainer/portainer-ce:latest
```
##### Access Portainer Web Interface
While SSH'd into the Rpi:
5. We need to know the IP address of the Raspberry Pi:
```bash
hostname -I | cut -d' ' -f1
```
OR
```bash
ip addr
```
6. Access Portainer in browser
1. My private address:
```
http://192.168.1.88:9000
```
### Install Postgres Container
- [postgres - Official Image | Docker Hub](https://hub.docker.com/_/postgres)
1. Go the local environment
2. Check out your stats
3. App Templates > Postgres
4. Setup the Postgres App Template
5. Deploy Postgres Container
6. Check out the container stats (*yikes*)
-
### Install pgAdmin4 Container
We need a GUI to manage the Postgres database and pgAdmin and the best way to do so.
1. Create Container
2. Configure Ports
3. Setup environment variables for pgAdmin4 to use during build
4. Set restart policy to always
5. Deploy
6. Check Status
### Access pgAdmin Container
1. Access pgadmin container on the local network
- Tried Rpi IP with port
- 
- Didn't work
- Nevermind...it popped up? Don't know why
- 
- 
2. Dashboard and we can add a connection to the postgres database if we need to
1. 