[Free VPS] GCP (Google Cloud Platform) Tips and Tricks (Free Tier, Free 16G RAM, 4 vCPU VPS) - NETSEC

Sunday, May 10, 2020

[Free VPS] GCP (Google Cloud Platform) Tips and Tricks (Free Tier, Free 16G RAM, 4 vCPU VPS)

This post collects some lessons learned while working with GCP. Most relate to Linux commands and usage.



Free Tier (VM - Compute Engine)

https://cloud.google.com/free/docs/free-cloud-features#compute

  • 1 non-preemptible e2-micro VM instance per month in one of the following US regions:
    • Oregon: us-west1
    • Iowa: us-central1
    • South Carolina: us-east1
  • 30 GB-months standard persistent disk
  • 1 GB of outbound data transfer from North America to all region destinations (excluding China and Australia) per month



There are some tricks to getting a truly free VM. If you do not set the disk type and Network Service Tier correctly, you will be charged.

See https://cloud.google.com/free/docs/gcp-free-tier#free-tier-usage-limits for more details on the free tier limits:

  • vCPU: 0.25-2 vCPU (1 shared core)
  • Memory: 1GB
  • Disk: standard persistent disk : 30GB
  • Network traffic : Standard Network Service Tier : 200GB/mo free in every region

Disk Type change:


If you find a small charge for disk, here is the tricky part:
you need to choose a standard persistent disk rather than a balanced persistent disk.

Change type to standard persistent disk


For network service tier:

  • https://console.cloud.google.com/net-tier/tiers/details?_ga=2.82938453.294358373.1721508929-930637729.1712023792

Or at the project level:
  • https://console.cloud.google.com/net-tier/tiers/details?project=jon-netsec-nginx1
Or search for Network Service Tiers in the console.



  1. In the Google Cloud console, go to the Network Service Tiers page.

  2. Click Change tier.

  3. Select Premium or Standard, and then click Change.

Standard has 200GB/mo free.




Cloud Shell Quota



Cloud Shell has a weekly usage limit of 50 hours per week. If you reach this limit, you will need to wait before you can use Cloud Shell again.

Enable Root Account and Password Access

By default, Google Compute Engine offers the browser-based Google Cloud Platform Console tool that lets you manage your Google Compute Engine resources through a graphical interface. Use the GCP Console to manage your resources if you prefer using a user-interface through the browser.

The GCP documentation on setting up SSH keys shows how to set up your own SSH key to access all your virtual machines in GCP. Here is a summary of the steps:



  1. Generate your keys using ssh-keygen or PuTTYgen for Windows, if you haven't already.
  2. Copy the contents of your public key. If you just generated this key, it can probably be found in a file named id_rsa.pub.
  3. Log in to the Developers Console.
  4. In the navigation, Compute->Compute Engine->Metadata.
  5. Click the SSH Keys tab.
  6. Click the Edit button.
  7. In the empty input box at the bottom of the list, enter the corresponding public key, in the following format: 

    <protocol> <public-key> username@example.com

    This makes your public key automatically available to all of your instances in that project. To add multiple keys, list each key on a new line.
  8. Click Done to save your changes. 

    It can take several minutes before the key is inserted into the instance. Try connecting with ssh to your instance. If it is successful, your key has been propagated to the instance.

Once you connect to your GCP VM using PuTTY, gcloud compute ssh, or the "SSH" button next to the instance in the Developers Console, you should be able to use the sudo command. Note that you shouldn't use the su command to become root; just run:
    sudo [command]
and it should not prompt you for a password.
If you want a root shell to run several commands as root without prefixing each one with sudo, run:
    sudo su -

Sometimes you might need direct root SSH access with username/password authentication. Here is how to do it:


1. As the root user, edit the sshd_config file found in /etc/ssh/sshd_config:
    vim /etc/ssh/sshd_config

2. Set PermitRootLogin and PasswordAuthentication

Add the following lines to the file. You can add them anywhere, but it's good practice to find the block about authentication and add them there. sshd uses the first value it finds for each keyword, so if the file already sets one of these, change that existing line instead of adding another.
    PermitRootLogin yes
    PasswordAuthentication yes
Save and exit the file.


3. Restart the SSH server to make your configuration effective:
    systemctl restart sshd
Or:
    service sshd restart


4. Disable public key authentication:

    vim /etc/ssh/sshd_config

    PubkeyAuthentication no



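Script to enable cloud VPS root account access:

    #!/bin/bash
    # Set the root password (replace 123456789 with your own password)
    echo 'root:123456789' | sudo chpasswd
    # Allow root login and password authentication in sshd_config
    sudo sed -i 's/PermitRootLogin no/PermitRootLogin yes/g' /etc/ssh/sshd_config
    sudo sed -i 's/PasswordAuthentication no/PasswordAuthentication yes/g' /etc/ssh/sshd_config
    # Restart the SSH server to apply the changes
    sudo service sshd restart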
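
To check what the sshd_config edits above actually leave in force, the following added example (not part of the original post) works out the value sshd will use for a keyword: the first uncommented occurrence wins, and anything after a Match line is conditional. The function names and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Added example: which value does sshd actually use for a keyword?
# Rules modelled: comments/blank lines ignored, keywords case-insensitive,
# first occurrence wins, lines after the first "Match" are conditional.

effective_sshd_value() {   # usage: effective_sshd_value FILE KEYWORD
    awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ { next }
        /^[ \t]*$/ { next }
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = match(line, /[ \t=]+/)      # separator: whitespace or "="
            if (n == 0) next
            key = tolower(substr(line, 1, n - 1))
            val = substr(line, n + RLENGTH)
            sub(/[ \t]+$/, "", val)
            if (key == "match") exit        # global section ends here
            if (key == want) { print val; exit }
        }
    ' "$1"
}

# True (exit 0) when root can log in with a password. OpenSSH defaults:
# PermitRootLogin prohibit-password, PasswordAuthentication yes.
root_password_login_enabled() {   # usage: root_password_login_enabled FILE
    [ "$(effective_sshd_value "$1" PermitRootLogin)" = "yes" ] &&
    [ "$(effective_sshd_value "$1" PasswordAuthentication)" != "no" ]
}

# Constructed sample: "yes" lines appended below an existing "no".
write_sample_config() {   # usage: write_sample_config FILE
    cat > "$1" <<'EOF'
#PermitRootLogin prohibit-password
PasswordAuthentication no
PermitRootLogin yes
PasswordAuthentication yes
Match User deploy
    PubkeyAuthentication no
EOF
}

# Audit the file given as $1, or the constructed sample when none is given.
cfg=${1:-}
if [ -z "$cfg" ]; then cfg=$(mktemp); write_sample_config "$cfg"; fi
for k in PermitRootLogin PasswordAuthentication PubkeyAuthentication; do
    v=$(effective_sshd_value "$cfg" "$k")
    printf '%-24s %s\n' "$k" "${v:-(not set globally)}"
done
if root_password_login_enabled "$cfg"; then
    echo "root password login: ENABLED"
else
    echo "root password login: not enabled"
fi
```

On a live host, `sshd -T` prints the effective configuration with Include files resolved, which this single-file check does not follow.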



Measure Your Latency to GCP Regions

gcping - http://www.gcping.com/



DD GCP From Ubuntu Cloud VM

Note: As of April 2022, for DD-related topics, please check another post. The script or method below might already be invalid.

For GCP or Azure cloud environments, all steps are similar. The only difference is that you will need to manually pass network parameters into the Windows VM during the DD process.


    # Change X.X.X.X to match your own configuration
    # --ip-addr : IP address
    # --ip-mask : Netmask
    # --ip-gate : Gateway
    wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask X.X.X.X --ip-gate X.X.X.X -dd 'DD Image'

Wait about 30 minutes, then use RDP to connect. Make sure the RDP port has been opened in your security group firewall rule.

username : administrator
password : www.nat.ee



    Command Example 1 for Windows 2008 R2 64-bit:
    wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask 255.255.255.0 --ip-gate 10.x.0.1 -dd 'https://api.moeclub.org/GoogleDrive/1DTps9WwC6RZ8szflais8YazpkCVdqdI7'
    Command Example 2 for Windows 7 SP1 64-bit with IIS:
    wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh' && bash InstallNET.sh --ip-addr X.X.X.X --ip-mask 255.255.255.0 --ip-gate 10.x.0.1 -dd 'https://api.moeclub.org/GoogleDrive/1KA9PDH4T2ODbxS97T6MtTk5TwifQQoIp'
    You will need to replace X.X.X.X with your own Linux VM's IP address, and change the gateway as well.




    DD GCP  Alpine


    Two notes:
    1. The IP address network mask needs to be 255.255.255.0. The gateway is the .1 address of the IP address's network.
    2. Change the root password to one you know. After Alpine is installed, it will use the same root password.



    wget --no-check-certificate https://donghaiair.com.cn/alpine.sh && chmod +x alpine.sh && sed -i "s|^mask|mask=255.255.255.0\n#mask|" alpine.sh && ./alpine.sh

    or

    wget --no-check-certificate https://haoduck.com/DEMO/sh/alpine.sh && chmod +x alpine.sh && sed -i "s|^mask|mask=255.255.255.0\n#mask|" alpine.sh && ./alpine.sh


    DD GCP  Windows

    1  Install Required Packages

    Debian/Ubuntu

    apt-get install -y xz-utils openssl gawk file wget

    CentOS

    yum install -y xz openssl gawk file wget

    2  Download DD Script

    wget --no-check-certificate -qO InstallNET.sh 'https://moeclub.org/attachment/LinuxShell/InstallNET.sh'
    chmod +x InstallNET.sh

    3  Using Script to Install

    bash InstallNET.sh --ip-addr 10.168.0.7 --ip-gate 10.168.0.1 --ip-mask 255.255.255.0 -dd 'https://moeclub.org/onedrive/IMAGE/Windows/win10ltsc_x64.tar.gz'

    This script comes from moeclub. The default username is administrator and the password is Vicer.


    Note: Only certain images will work on GCP. Please check another post. The script or method might already be invalid.


    Run Docker Containers Free VPS From GCP Cloud Shell

    You can access your GCP Cloud Shell directly at https://cloud.google.com/shell (16G RAM, 4 vCPU or 8G RAM, 2 vCPU), or by enabling Cloud Shell from the terminal icon at the top right of your GCP console page.

    Both Docker and Docker Compose are already installed.

    Welcome to Cloud Shell! Type "help" to get started.
    Your Cloud Platform project in this session is set to sec-2-213000.
    Use “gcloud config set project [PROJECT_ID]” to change to a different project.
    jon_netsec@cloudshell:~ (sec-2-213000)$ curl cip.cc
    IP      : 34.139.137.247
    地址    : 美国  美国
    
    数据二  : 美国 | 得克萨斯州
    
    数据三  : 美国德克萨斯休斯顿
    
    URL     : http://www.cip.cc/34.139.137.247
    jon_netsec@cloudshell:~ (sec-2-213000)$ docker version
    Client: Docker Engine - Community
     Version:           20.10.8
     API version:       1.41
     Go version:        go1.16.6
     Git commit:        3967b7d
     Built:             Fri Jul 30 19:54:02 2021
     OS/Arch:           linux/amd64
     Context:           default
     Experimental:      true
    
    Server: Docker Engine - Community
     Engine:
      Version:          20.10.8
      API version:      1.41 (minimum version 1.12)
      Go version:       go1.16.6
      Git commit:       75249d8
      Built:            Fri Jul 30 19:52:10 2021
      OS/Arch:          linux/amd64
      Experimental:     false
     containerd:
      Version:          1.4.9
      GitCommit:        e25210fe30a0a703442421b0f60afac609f950a3
     runc:
      Version:          1.0.1
      GitCommit:        v1.0.1-0-g4144b63
     docker-init:
      Version:          0.19.0
      GitCommit:        de40ad0
    jon_netsec@cloudshell:~ (sec-2-213000)$ docker-compose version
    docker-compose version 1.24.0, build 0aa59064
    docker-py version: 3.7.2
    CPython version: 3.6.8
    OpenSSL version: OpenSSL 1.1.0j  20 Nov 2018
    jon_netsec@cloudshell:~ (sec-2-213000)$
    
    
    [Warning] Don't run this in labs.play-with-docker.com. The instance will be terminated right away. 

    There are quite a few Docker images available on the Internet. Here is one I found very useful:

    1. dorowu/ubuntu-desktop-lxde-vnc from DockerHub
      • Github page: https://github.com/fcwu/docker-ubuntu-vnc-desktop
      • docker run -p 8080:80 dorowu/ubuntu-desktop-lxde-vnc
    If port 8080 is occupied, we can use port 6080 as shown below:
    docker run -p 6080:80 -v /dev/shm:/dev/shm dorowu/ubuntu-desktop-lxde-vnc
    Since we are using port 6080, we will need to change the Preview port from the default 8080 to 6080.


    Or the easiest way is to use the following docker run command; then you will not need to change the port and can preview it directly in another web page:

    docker run -p 8080:80 dorowu/ubuntu-desktop-lxde-vnc

    Let's check the CPU and memory of this Google Cloud Shell VM:



    root@79869323e3bb:~# free
                  total        used        free      shared  buff/cache   available
    Mem:       16393552     1807564    11491980      121544     3094008    14154252
    Swap:             0           0           0





    We can also install NextCloud using the Docker Compose file from https://hub.docker.com/_/nextcloud.
    Create a new docker-compose.yml file and copy the contents from https://hub.docker.com/_/nextcloud. Make sure to enter a new password for your MySQL root account and MySQL DB.


    jon_netsec@cloudshell:~ (sec-2-213000)$ nano docker-compose.yml
    
    version: '2'
    
    volumes:
      nextcloud:
      db:
    
    services:
      db:
        image: mariadb
        restart: always
        command: --transaction-isolation=READ-COMMITTED --binlog-format=ROW
        volumes:
          - db:/var/lib/mysql
        environment:
          - MYSQL_ROOT_PASSWORD=Password1234!
          - MYSQL_PASSWORD=Password1234!
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud
    
      app:
        image: nextcloud
        restart: always
        ports:
          - 8080:80
        links:
          - db
        volumes:
          - nextcloud:/var/www/html
        environment:
          - MYSQL_PASSWORD=Password1234!
          - MYSQL_DATABASE=nextcloud
          - MYSQL_USER=nextcloud
          - MYSQL_HOST=db
    Run the "docker-compose up" command to bring the NextCloud containers up.

