SEC-350 Lab 2 - ConnorEast/Tech-Journal GitHub Wiki
FW01 CLI
| Command Used | Terminal Used | Purpose |
|---|---|---|
| sudo vi /etc/rsyslog.conf | CMD | Comments out the line `$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat` so that log messages carry full date and time information |
| logger -t test whattimeisit2 | CMD | Writes a test message tagged "test" containing "whattimeisit2" into syslog |
| sudo cat /var/log/syslog \| grep whattimeisit | CMD | Prints the lines of syslog that contain "whattimeisit" |
| ssh connor@172.16.50.3 | CMD | Remote access to the web server as the user "connor"; the web server's IP is 172.16.50.3 |
| ssh connor@172.16.50.5 | CMD | Remote access to the log server as the user "connor"; the log server's IP is 172.16.50.5 |
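The rsyslog edit and the logger/grep check above can be scripted and verified instead of done by hand in vi. The following is an added example, not from the lab journal: it comments out the traditional template line in a copy of the config (idempotently, so running it twice does not add a second `#`) and checks whether a logged line carries the RFC 3339 timestamp that rsyslog's default file format produces once the traditional template is disabled. The config file and log lines are constructed; the real file is /etc/rsyslog.conf and needs sudo.

```shell
#!/bin/sh
# Added example (not part of the lab journal). Works on a copy of
# rsyslog.conf so it can be tried without touching the real system file.

# Comment out the TraditionalFileFormat template line in the given file.
# The pattern is anchored at '^$', so an already-commented line is skipped.
comment_traditional_template() {
    conf="$1"
    sed -i 's/^\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat/#&/' "$conf"
}

# Number of commented-out template lines in the file (1 after a successful edit).
commented_template_count() {
    grep -c '^#\$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat' "$1"
}

# Return 0 if the line starts with a full RFC 3339 timestamp
# (e.g. 2025-01-31T10:22:13.123456-05:00), 1 for the traditional
# "Jan 31 10:22:13" form that the commented-out template produced.
has_full_timestamp() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}'
}

# Self-check against a constructed config and constructed log lines.
demo() {
    tmp=$(mktemp)
    printf '%s\n' \
        '$ActionFileDefaultTemplate RSYSLOG_TraditionalFileFormat' \
        '$RepeatedMsgReduction on' > "$tmp"
    comment_traditional_template "$tmp"
    comment_traditional_template "$tmp"   # second run must be a no-op
    echo "commented template lines: $(commented_template_count "$tmp")"
    if has_full_timestamp '2025-01-31T10:22:13.123456-05:00 logsrv test: whattimeisit2'; then
        echo "new-format line: full timestamp present"
    fi
    if ! has_full_timestamp 'Jan 31 10:22:13 logsrv test: whattimeisit2'; then
        echo "old-format line: traditional timestamp, template still active"
    fi
    rm -f "$tmp"
}
demo
```

After editing the real file, restart rsyslog and run the `logger` command again; the new entry in /var/log/syslog should pass `has_full_timestamp`.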
FW01 CLI
| Command Used | Terminal Used | Purpose |
|---|---|---|
| nmtui | CMD [MGMT] | Set the IP to 192.168.150.3/24. Change the default gateway to 192.168.150.2 |
| sudo adduser connor | CMD | Creates a user named connor |
| sudo usermod -aG sudo connor | CMD | Adds connor to the sudo group |
| sudo passwd champuser | CMD | Changes the default password of the champuser account |
| NAT Forwarding on Firewall | ||
| set nat source rule 20 description "NAT FROM DMZ to WAN" | CLI | Sets a description for the new source NAT rule |
| set nat source rule 20 outbound-interface eth0 | CLI | Applies the rule to traffic leaving through eth0, the outbound (WAN-facing) interface |
| set nat source rule 20 source address 172.16.150.0/24 | CLI | Matches traffic whose source is the LAN network address 172.16.150.0/24 |
| set nat source rule 20 translation address masquerade | CLI | Rewrites the source address of matching traffic to the address of the outbound interface (masquerade) |
| set service dns forwarding listen-address 172.16.150.2 | CLI | Makes the DNS forwarder listen on 172.16.150.2, the LAN's default gateway address |
| commit save | CLI | Commits the configuration changes and saves them so they survive a reboot |
| Installing Chrome Remote Desktop Manager | ||
| ssh-keygen | MGMT CLI | Generates an SSH key pair; accept the defaults |
| ssh-copy-id [email protected] | MGMT CLI | Copies the public key to the remote host so the next login is key-based |
| ssh [email protected] | MGMT CLI | Logs in to the remote host with the new key |
| vi /etc/rsyslog.conf | Rem-Log CLI | Comments out the lines that would otherwise overlap with the new rules |
| cd /var/log | Rem-Log CLI | Changes to the log directory |
| wget https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf | Rem-Log CLI | Downloads the lab's rsyslog configuration file |
| cat 03-sec350.conf | Rem-Log CLI | Displays the downloaded configuration |
| FW01 - Logging Events | ||
| set system syslog host 172.16.50.5 facility authpriv level info | FW01 CLI | Sends authpriv messages of level info and above from FW01 to the remote log server at 172.16.50.5 |
| commit save | FW01 CLI | Commits and saves the configuration |
| exit (twice), then log in again | FW01 CLI | Leaves configure mode and the session so the login generates an authpriv event on the log server |
| Log Server Commands - Install Tree | ||
| repo_file=/etc/yum.repos.d/CentOS-Base.repo | Rem-Log CLI | Stores the path of the base yum repo file in a variable |
| cp ${repo_file} ~/CentOS-Base.repo.backup | Rem-Log CLI | Backs up the repo file before editing it |
| sudo sed -i s/mirrorlist.centos.org/vault.centos.org/ ${repo_file} | Rem-Log CLI | Points the mirrorlist entries at vault.centos.org, since the original mirrors are retired |
| sudo sed -i s/mirror.centos.org/vault.centos.org/ ${repo_file} | Rem-Log CLI | Points the mirror entries at vault.centos.org |
| sudo yum clean all | Rem-Log CLI | Clears the cached repo metadata so the new URLs are used |
| sudo yum install tree | Rem-Log CLI | Installs the tree utility |
| cd /var/log/remote-syslog/fw1-East | Rem-Log CLI | Changes to the directory where the remote logs from FW01 are stored |
| clear | Rem-Log CLI | Clears the terminal |
| tree | Rem-Log CLI | Lists the log directory as a tree |
| cat 2025.01.31.login.log \| grep FAILED | Rem-Log CLI | Shows the failed login attempts recorded in that day's login log |
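Grepping for FAILED shows the raw lines; on a log server you usually want the count per source address so repeated attempts stand out. The following is an added example, not from the lab journal: a small POSIX shell script that summarises failed SSH logins in a file like the remote-syslog login log above. The log line format (rsyslog default timestamps plus OpenSSH "Failed password ... from <ip>" messages) is an assumption, since the page does not show what 03-sec350.conf writes, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example (not part of the lab journal): summarise failed SSH logins
# from a remote-syslog file. Log format and sample lines are assumptions.

# Print "count source-ip" for every address with failed password attempts,
# most frequent first. Matching is case-insensitive so both the OpenSSH
# "Failed password" text and an upper-cased FAILED template are caught.
failed_login_summary() {
    grep -i 'failed password' "$1" \
      | awk '{ for (i = 1; i <= NF; i++) if ($i == "from") n[$(i+1)]++ }
             END { for (ip in n) print n[ip], ip }' \
      | sort -rn
}

# Number of source addresses with more than THRESHOLD (default 3) failures,
# a simple brute-force indicator to alert on.
sources_over_threshold() {
    failed_login_summary "$1" | awk -v t="${2:-3}" '$1 > t' | wc -l | tr -d ' '
}

# Write constructed sample lines in the assumed format to the given file.
write_sample_log() {
    cat > "$1" <<'EOF'
2025-01-31T10:22:13-05:00 fw1-East sshd[1201]: Failed password for invalid user admin from 192.168.150.9 port 51234 ssh2
2025-01-31T10:22:15-05:00 fw1-East sshd[1201]: Failed password for invalid user admin from 192.168.150.9 port 51236 ssh2
2025-01-31T10:22:18-05:00 fw1-East sshd[1203]: Failed password for root from 192.168.150.9 port 51240 ssh2
2025-01-31T10:22:20-05:00 fw1-East sshd[1205]: FAILED password for vyos from 192.168.150.9 port 51242 ssh2
2025-01-31T10:30:02-05:00 fw1-East sshd[1300]: Accepted password for vyos from 192.168.150.3 port 40100 ssh2
2025-01-31T10:31:40-05:00 fw1-East sshd[1302]: Failed password for vyos from 192.168.150.3 port 40102 ssh2
EOF
}

demo() {
    tmp=$(mktemp)
    write_sample_log "$tmp"
    failed_login_summary "$tmp"
    echo "sources over threshold: $(sources_over_threshold "$tmp" 3)"
    rm -f "$tmp"
}
demo
```

Run against the real file with `failed_login_summary /var/log/remote-syslog/fw1-East/2025.01.31.login.log`; the "Accepted password" line is ignored, and only the address with more than three failures is counted by `sources_over_threshold`.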