Lab 2.2 Syslog Organization on log01 - Cyber-JL/SEC-350-01 GitHub Wiki

Log01

  1. Edit /etc/rsyslog.conf to match the following screenshot:

[screenshot: 2023-01-23 15_13_33-VMware Horizon (rsyslog.conf contents)]

  1. Custom rsyslog drop-in file

    1. Install wget:

      sudo yum install wget -y

    2. Change directories to /etc/rsyslog.d/ and fetch the drop-in file with wget from https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf:

      cd /etc/rsyslog.d/
      sudo wget https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf   # root is needed to write into /etc/rsyslog.d/

  2. Restart rsyslog, then list the remote log tree to confirm the drop-in file took effect:

     sudo systemctl restart rsyslog
     ls -lR --color /var/log/remote-syslog   # directories appear once a remote host has sent a message
    
  3. On web01, run the logger test described in the web01 section of this page.

FW01

Configuring fw01 for NAT (LAN)

  1. To configure source NAT for the LAN on fw01, run the following commands:

    configure
    set nat source rule 20 description "NAT FROM LAN to WAN"
    set nat source rule 20 outbound-interface eth0
    set nat source rule 20 source address 172.16.150.0/24
    set nat source rule 20 translation address masquerade
    commit
    save
    exit

Configuring fw01 for DNS forwarding (LAN)

  1. To configure fw01 for DNS forwarding, run the following commands:

    configure
    set service dns forwarding listen-address 172.16.150.2
    set service dns forwarding allow-from 172.16.150.0/24
    set service dns forwarding system
    commit
    save
    exit

Logging Authorization Events

  1. Adjust the VyOS configuration to send authentication messages from fw01 to log01:

    configure
    set system syslog host 172.15.50.5 facility authpriv level info
    commit
    save

  2. Run exit repeatedly until you are back at the VyOS login prompt.

How to change the password:

  1. Restart the machine.
  2. When presented with the VyOS GNU GRUB console screen, choose the *Lost password change option.
  3. It will ask whether you want to reset the password; follow the prompts from there.

web01

  1. Test the log01 organization:

    logger -t SEC350 "Testing web01->log01 custom rsyslog configuration"   # quoted: an unquoted > is a shell redirect to a file named log01
    
  2. Logging Authorization Events

    1. In /etc/rsyslog.d/sec350.conf add the following:

    [screenshot: 2023-01-23 15_59_27-Lindale_ Lab 2 2 - Syslog Organization on log01 - Google Docs (sec350.conf contents)]

  3. Restart rsyslog.

  4. SSH into web01 from mgmt01 so that an authentication event is generated and forwarded.
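To confirm that the logger test above and the forwarded authentication events from web01 and fw01 actually reach log01, and to get something useful out of them, here is an added example (it is not part of the lab write-up, and it does not parse or depend on the course's 03-sec350.conf). It walks a remote-syslog tree, parses traditional-format syslog lines, finds the lines carrying the SEC350 tag, and counts failed versus accepted sshd logins per reporting host and source IP. The per-host directory layout and the log lines in SAMPLE_FILES are constructed for the demonstration; on log01 the real tree is /var/log/remote-syslog and its layout is whatever the drop-in file's template produces.

```python
# Added example, not from the lab: check what arrived on log01 and summarise sshd auth events.
import re
import tempfile
from collections import Counter
from pathlib import Path

# Traditional rsyslog file format, e.g.
#   "Jan 23 15:59:27 web01 SEC350: Testing web01->log01 custom rsyslog configuration"
#   "Jan 23 16:02:10 web01 sshd[1210]: Failed password for invalid user admin from 172.16.150.10 port 51240 ssh2"
LINE_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) "
    r"(?P<tag>[^:\[\s]+)(?:\[(?P<pid>\d+)\])?: "
    r"(?P<msg>.*)$"
)
FAILED_RE = re.compile(r"Failed password for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+)")
ACCEPTED_RE = re.compile(r"Accepted \S+ for (?P<user>\S+) from (?P<ip>\S+)")


def parse_line(line):
    """Return a dict (ts, host, tag, pid, msg), or None for a line that is not syslog format."""
    m = LINE_RE.match(line.rstrip("\n"))
    return m.groupdict() if m else None


def iter_messages(root):
    """Yield every parseable record from every regular file below root, with its file path."""
    for path in sorted(Path(root).rglob("*")):
        if not path.is_file():
            continue
        with path.open(errors="replace") as fh:
            for line in fh:
                rec = parse_line(line)
                if rec is not None:
                    rec["path"] = str(path)
                    yield rec


def find_tag(root, tag):
    """Records whose syslog tag matches, e.g. the 'SEC350' message written by logger -t SEC350."""
    return [r for r in iter_messages(root) if r["tag"] == tag]


def ssh_auth_summary(root):
    """Count failed and accepted sshd logins per (reporting host, source IP)."""
    failed, accepted = Counter(), Counter()
    for r in iter_messages(root):
        if r["tag"] != "sshd":
            continue
        m = FAILED_RE.search(r["msg"])
        if m:
            failed[(r["host"], m["ip"])] += 1
            continue
        m = ACCEPTED_RE.search(r["msg"])
        if m:
            accepted[(r["host"], m["ip"])] += 1
    return failed, accepted


# Constructed sample tree (assumed per-host layout; the real one comes from the rsyslog template).
SAMPLE_FILES = {
    "web01/messages.log": [
        "Jan 23 15:59:27 web01 SEC350: Testing web01->log01 custom rsyslog configuration",
        "this line is not syslog format and must be skipped",
    ],
    "web01/auth.log": [
        "Jan 23 16:01:02 web01 sshd[1201]: Accepted password for jude from 172.16.150.10 port 51234 ssh2",
        "Jan 23 16:02:10 web01 sshd[1210]: Failed password for invalid user admin from 172.16.150.10 port 51240 ssh2",
        "Jan 23 16:02:14 web01 sshd[1210]: Failed password for invalid user admin from 172.16.150.10 port 51240 ssh2",
    ],
    "fw01/auth.log": [
        "Jan 23 16:03:00 fw01 sshd[812]: Failed password for vyos from 172.16.150.10 port 51300 ssh2",
    ],
}


def write_sample_tree(base):
    """Write the constructed files under base and return it as a Path."""
    base = Path(base)
    for rel, lines in SAMPLE_FILES.items():
        p = base / rel
        p.parent.mkdir(parents=True, exist_ok=True)
        p.write_text("\n".join(lines) + "\n")
    return base


def run_demo(root=None):
    """Run both checks on root (default: a temp copy of the sample tree) and return the results."""
    if root is None:
        root = write_sample_tree(tempfile.mkdtemp(prefix="remote-syslog-"))
    failed, accepted = ssh_auth_summary(root)
    return {"sec350": find_tag(root, "SEC350"), "failed": dict(failed), "accepted": dict(accepted)}


if __name__ == "__main__":
    result = run_demo()  # on log01, use run_demo("/var/log/remote-syslog") instead
    for r in result["sec350"]:
        print(f"SEC350 test message from {r['host']} in {r['path']}: {r['msg']}")
    for (host, ip), n in sorted(result["failed"].items()):
        print(f"{host}: {n} failed sshd login(s) from {ip}")
    for (host, ip), n in sorted(result["accepted"].items()):
        print(f"{host}: {n} accepted sshd login(s) from {ip}")
```

Running it as-is prints the results for the constructed sample; on log01, call run_demo("/var/log/remote-syslog") to check the real tree after the logger test on web01 and the SSH login from mgmt01. Lines that do not parse are skipped rather than aborting the walk, which matters because log files often contain the odd malformed or truncated line.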

MGMT01

Initial setup

  1. Networking
    1. mgmt01 should be on the LAN interface.

[screenshot: 2023-01-23 15_03_52-VMware Horizon]

  1. Give the machine its assigned IP address and change the hostname to mgmt01-jude.

[screenshot: 2023-01-23 15_05_18-VMware Horizon]

  1. Disconnect and reconnect the network so the new address takes effect.

  2. Create a new user and give it sudo rights:

    adduser jude
    passwd jude
    usermod -aG sudo jude   # add jude to the sudo group
    
  3. Log out and log in to the newly created account.

  4. Open Chrome and go to remotedesktop.google.com/access.

  5. Install the remote desktop add-on.

  6. Create a new remote desktop called mgmt01.

  7. Create a NAT source rule for the LAN on fw01 (see the FW01 section above).

  8. In a remote desktop session, SSH into log01 from mgmt01.

[screenshot: 2023-01-23 15_11_13-Lindale_ Lab 2 2 - Syslog Organization on log01 - Google Docs]