Lab 1.1 - AinsleyPlayer/SEC-350 GitHub Wiki

Configuring RW01

Start off by making sure that the box is on the SEC WAN and then powering on the box.

Log into the box using the default credentials.

We will start off by changing the password for the champusr account.

image

Add a new user and a password. You can leave the values blank when it asks for Name, etc.

image

Add a new sudo user

image

Now we need to add our network connection (refer to the IP assignments)

image

image

To make sure you are connected, go to the champlain.edu web page.

Deliverable 1

image

Success!


Configuring basic routing on FW01

We will now jump over to our FW01 box.

Start off by editing the virtual hardware settings and adding a new network adapter. Make sure the three network adapters are WAN, DMZ, and LAN.

image

Power on the box and when it prompts you, use the default credentials to log in.

Set Hostname

We are going to change the host name as seen in the image below.

image

Keep typing "exit" until you get a login prompt, then log in to configure the box (log in with defaults)

image

Interface Assignment

We will now start configuring the interfaces

image

Add a description for your interfaces for future ease

image

Using the same commands, name both eth1 and eth2

image

Now we are going to configure the IP addresses (refer to the IP assignments)

image

image

Gateway and DNS

Now we will set the default gateway and DNS server to the SEC350-Gateway Firewall at 10.0.17.2 so that FW01 can reach outside networks and resolve names.

image

To make sure that everything is functioning, we will ping google.com

Deliverable 2

image

Success!


Configuring Web01

Make your way over to your Web01 box, and change your network adapter to DMZ

image

Now power on the VM and log in with the default username and password

image

Like we did for the first box, we will add a new user, set hostname, change passwords, etc

image

We have to set up our IPs. To do this, start off by running the command nmtui

image

Set up all connections as necessary

image

image


Configuring fw01 for NAT and DNS Forwarding on fw01

Head into fw01 and do the following

image

image

With the forwarding set up on web01, you should now be able to ping by IP address, but not by hostname yet

Deliverable 3

image


Configuring fw01 for DNS forwarding

We are going to tell fw01 to forward DNS requests from the DMZ interface

image

Now you should be able to ping both 8.8.8.8 and google.com

Deliverable 4

image


Configuring log01

We are going to initially put our log server on the DMZ network, and later we will place this server in a segmented area of our network.

image

Log in with default credentials

image

Configure log01 with an IP address ending in .5. Make sure log01 is on the DMZ network.

image

image

Ensure you have set the hostname of web01 and log01 to web01-yourname and log01-yourname respectively, and create a sudo user on both.

image

Deliverable 5

image


Configuring httpd on web01 & Configuring firewall on web01

If it is not already on web01, you can get httpd with the command sudo yum install -y httpd

Then we need to add ports through the firewall

sudo firewall-cmd --permanent --add-port 80/tcp
sudo firewall-cmd --permanent --add-port 443/tcp
sudo firewall-cmd --reload

image

If it is running, your screen should look like this

image


Testing httpd on web01 from rw01

rw01's default gateway is 10.0.17.2, so we need to tell it that any address in your DMZ should route via your firewall's WAN interface

We do this with a static route on rw01

image

Restart your network through the GUI or from a privileged terminal command

image

So, it turns out that because of the default gateway, we need to add a static route to be able to access the web server

image

image

Now we can access the web page

Deliverable 6

image


Configuring rsyslog services on log01

Run the command systemctl status rsyslog to make sure it is running on log01

image

On log01, the /etc/rsyslog.conf file needs to be modified to receive syslog messages over ports 514 tcp and udp. Uncomment the appropriate lines (see below) and restart the rsyslog service.

Run the command nano /etc/rsyslog.conf to edit the file and uncomment these lines

image

I then ran the commands we ran earlier in the lab to add port 514 to our firewall

image

image

Now go into our Web01 box, run the command sudo nano /etc/rsyslog.d/sec350.conf, and add the following to the file, then save it

image
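
Before testing, it helps to confirm that the 514 listeners on log01 really are uncommented, since a line left commented out fails silently. The script below is an added example, not part of the original lab; the function names and the sample config are constructed for illustration, and it accepts both the newer module()/input() syntax and the older $ModLoad directives.

```shell
#!/bin/sh
# Added example (not from the lab): confirm that an rsyslog config has active,
# uncommented listeners on port 514 for both UDP and TCP.
# Covers the RainerScript form   module(load="imudp") / input(type="imudp" port="514")
# and the legacy directive form  $ModLoad imudp / $UDPServerRun 514.

# active_lines FILE: print the config without comment lines, so a directive
# that is still commented out can never count as enabled.
active_lines() { grep -v '^[[:space:]]*#' "$1"; }

# listener_enabled FILE PROTO: succeed only if the input module for PROTO
# (udp or tcp) is loaded and a listener on port 514 is configured.
listener_enabled() {
    file=$1 proto=$2
    case $proto in
        udp) run='UDPServerRun' ;;
        tcp) run='InputTCPServerRun' ;;
        *)   return 2 ;;
    esac
    active_lines "$file" | grep -Eq \
        "module\(load=\"im${proto}\"|^[[:space:]]*\\\$ModLoad[[:space:]]+im${proto}" || return 1
    active_lines "$file" | grep -Eq \
        "input\(type=\"im${proto}\"[^)]*port=\"514\"|^[[:space:]]*\\\$${run}[[:space:]]+514([^0-9]|\$)" || return 1
}

# report FILE: print one status line per protocol; non-zero if either is missing.
report() {
    rc=0
    for p in udp tcp; do
        if listener_enabled "$1" "$p"; then echo "514/$p: enabled"
        else echo "514/$p: NOT enabled"; rc=1; fi
    done
    return $rc
}

# Constructed sample: UDP uncommented, TCP accidentally left commented out.
sample=$(mktemp)
cat > "$sample" <<'EOF'
module(load="imudp") # needs to be done just once
input(type="imudp" port="514")
#module(load="imtcp") # needs to be done just once
#input(type="imtcp" port="514")
EOF
report "$sample" || echo "edit the config, then: sudo systemctl restart rsyslog"
rm -f "$sample"
```

On log01, point report at /etc/rsyslog.conf after editing it.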


Test rsyslog messaging from web01 to log01

On log01, tail -f the /var/log/messages file

image

On web01, use the local logger utility to send a syslog message

image

Deliverable 7

image


rw01->SSH->web01->SSH->log01

From rw01, use an SSH session to log in to web01, then from that SSH session log in to log01.

Deliverable 8

image