Things I Did to Start a Public GNU/Linux Server Among My Friends

0. Create 2 users

An admin user and a public user pub.

Since there are no malicious people among my friends, I’m not going to create an account for each of them. Rather, they will all log in to the same public account. It also forces them to store only public content on this server, unless they really want their “dark secrets” to be seen. It’s just a Raspberry Pi 3B+ with 1GB of RAM and 16GB of storage. Not a lot of computer juice here.

1. Notice board and readme system

I heavily modified the ~/.bashrc to do the following 2 things:

  1. Whenever a bash session is created, ~/.news will be catted to print the news (modifications to the server or newly uploaded files).
  2. Whenever cd is called to a directory with a README.txt in it, the README.txt will be catted to print info about that directory.

Trust me. Even though they are my friends, I get annoyed when they keep asking me the same question (like “wtf, rsync [email protected]:/path/to/dir/or/files /path/to/local/dir/” does not sync ~/281p4/* on the server to my disk). I put these things on the notice board and in README.txt.

2. SSH auth protection

Since all of my friends are able to log in to pub, they can potentially modify ~/.ssh/authorized_keys, which I don’t want to happen.

In the admin account, I add a start-up script which will start all custom scripts.

One of the custom scripts copies a valid authorized_keys to pub every minute to guard against that.

3. Source file cleaning

The purpose of this server is never to exchange project answers, aka source code. A source file cleaning script runs every 3 minutes to remove all source files by matching extensions. This can be bypassed by simply changing the file extension, but if they really want to exchange source, they can use other platforms, and this server is definitely not the best option. The main purpose of this function is to take care of source files that are compiled and executed on the server but are not removed in time.

4. oh-my-posh

That is a must have. In .bashrc I set it up so that a random theme is used every time a session starts.

5. System status monitoring

An nginx server is set up to host several webpages that display the system’s status.

Status includes CPU load, CPU temperature, file tree under ~, and login count from different people.

The login count is obtained by parsing /var/log/auth.log and matching the SHA256 fingerprint of each SSH key to one in ~/.ssh/authorized_keys.
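
The fingerprint matching described above, as an added example (not the script running on this server): it computes the OpenSSH SHA256 fingerprint of each authorized_keys entry and counts sshd's "Accepted publickey" lines per key. The keys, host name, addresses and log lines are constructed samples; a login whose fingerprint is not in the file is reported as "unknown", which is worth a look on a shared account whose authorized_keys can be edited.

```python
import base64, hashlib, re
from collections import Counter

# sshd's success line: "... Accepted publickey for USER from IP port N ssh2: TYPE SHA256:..."
ACCEPTED = re.compile(r"sshd\[\d+\]: Accepted publickey for (\S+) from \S+ port \d+ ssh2: \S+ (SHA256:\S+)")
KEY_TYPES = ("ssh-", "ecdsa-", "sk-")

def fingerprint(blob_b64):
    """OpenSSH-style fingerprint: unpadded base64 of SHA-256 over the decoded key blob."""
    digest = hashlib.sha256(base64.b64decode(blob_b64)).digest()
    return "SHA256:" + base64.b64encode(digest).decode().rstrip("=")

def load_keys(authorized_keys_text):
    """Map fingerprint -> key comment; blank lines, comments and bad entries are skipped."""
    keys = {}
    for line in authorized_keys_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        # Options such as no-pty may precede the key type, so search for it.
        idx = next((i for i, f in enumerate(fields) if f.startswith(KEY_TYPES)), None)
        if idx is None or idx + 1 >= len(fields):
            continue
        try:
            fp = fingerprint(fields[idx + 1])
        except ValueError:  # binascii.Error (bad base64) is a ValueError
            continue
        keys[fp] = " ".join(fields[idx + 2:]) or "(no comment)"
    return keys

def count_logins(auth_log_text, keys, user="pub"):
    """Count accepted public-key logins for `user`, grouped by key comment."""
    counts = Counter()
    for m in ACCEPTED.finditer(auth_log_text):
        if m.group(1) == user:
            counts[keys.get(m.group(2), "unknown " + m.group(2))] += 1
    return counts

def sample_blob(seed):  # constructed ed25519-shaped blob, not a real key
    raw = b"\x00\x00\x00\x0bssh-ed25519\x00\x00\x00\x20" + bytes([seed]) * 32
    return base64.b64encode(raw).decode()

# Constructed sample data: two authorized keys, and a log with one login from a third key.
SAMPLE_KEYS = f"# pub keys\nssh-ed25519 {sample_blob(1)} alice@laptop\nno-pty ssh-ed25519 {sample_blob(2)} bob@desktop\n"
LINE_FMT = "Jan  5 10:1{}:00 pi sshd[{}]: Accepted publickey for {} from 192.0.2.10 port 5112{} ssh2: ED25519 {}\n"
SAMPLE_LOG = "".join(LINE_FMT.format(i, 800 + i, u, i, fingerprint(sample_blob(s)))
                     for i, (u, s) in enumerate([("pub", 1), ("pub", 2), ("admin", 9), ("pub", 1), ("pub", 3)]))

if __name__ == "__main__":
    for who, n in count_logins(SAMPLE_LOG, load_keys(SAMPLE_KEYS)).most_common():
        print(n, who)
```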