Log01 - Cyber-JL/SEC-350-01 GitHub Wiki

Lab 1.1 Routing and DMZ

  1. First, make sure that web01 is attached to the right network adapter; in this case it should be SEC350-01-DMZ-jude.lindale.
  2. Like the other machines, web01 needs its IP address and hostname changed, which can be done via nmtui, as well as a new sudo user and a new password for root:

[screenshot: 2023-01-16 14_47_40-VMware Horizon]

[screenshot: 2023-01-16 14_48_01-VMware Horizon]

RSYSLog

  1. Install rsyslog by running the following command:

    sudo yum install rsyslog -y
    
  2. Allow port 514/UDP and 514/TCP through the firewall (one rule per protocol; run these as root):

    firewall-cmd --permanent --add-port 514/udp
    firewall-cmd --permanent --add-port 514/tcp
    firewall-cmd --reload
    
  3. Then edit rsyslog.conf so that rsyslog receives syslog messages on the ports opened above (the stock rsyslog.conf ships the UDP and TCP listener lines commented out; uncomment them as shown in the screenshot):

     sudo vi /etc/rsyslog.conf
    

[screenshot: 2023-01-16 15_06_39-VMware Horizon]

  4. Then check that rsyslog is listening on both ports (netstat comes from the net-tools package and needs root to show process names):

    sudo netstat -tupan | grep 514
    

[screenshot: 2023-01-16 15_08_03-VMware Horizon]
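
As an added example (not part of the original lab page), the listener setup above collected into a small script for log01. It writes the UDP/TCP listener as a drop-in under /etc/rsyslog.d/ instead of editing /etc/rsyslog.conf by hand (do one or the other, since loading imudp/imtcp twice makes rsyslog complain about duplicate modules), opens both firewall ports, validates the whole config with `rsyslogd -N1` before restarting so a typo cannot take the collector down, and checks `ss -tulpn` output for both sockets instead of eyeballing netstat (ss is in iproute and is present where net-tools is not). The drop-in name 01-listen.conf is an assumption, and the ss output the usage comment refers to is whatever the host prints; the check fails if either protocol is missing or the port is held by something other than rsyslogd.

```shell
#!/bin/sh
# Added example for log01: rsyslog listener setup plus verification.
# Not the lab page's own code. The drop-in filename is an assumption.

# Write the 514/udp + 514/tcp listener as a drop-in. Equivalent to
# uncommenting the imudp/imtcp lines in /etc/rsyslog.conf; do one, not both.
write_rsyslog_listener_conf() {
  cat > "$1" <<'EOF'
# Receive syslog from the DMZ hosts (e.g. web01) on 514/udp and 514/tcp.
module(load="imudp")
input(type="imudp" port="514")
module(load="imtcp")
input(type="imtcp" port="514")
EOF
}

# Open both ports permanently and reload firewalld. Needs root.
open_syslog_ports() {
  firewall-cmd --permanent --add-port=514/udp &&
  firewall-cmd --permanent --add-port=514/tcp &&
  firewall-cmd --reload
}

# Validate the full rsyslog config before restarting. Needs root.
apply_rsyslog_config() {
  rsyslogd -N1 && systemctl restart rsyslog
}

# $1: text of `ss -tulpn` output. Succeeds only if rsyslogd has both
# udp/514 and tcp/514 bound; otherwise names what is missing on stderr.
syslog_listening() {
  missing=""
  printf '%s\n' "$1" | grep -Eq '^udp[[:space:]].*:514[[:space:]].*"rsyslogd"' \
    || missing="$missing udp/514"
  printf '%s\n' "$1" | grep -Eq '^tcp[[:space:]].*:514[[:space:]].*"rsyslogd"' \
    || missing="$missing tcp/514"
  if [ -n "$missing" ]; then
    echo "rsyslog is not listening on:$missing" >&2
    return 1
  fi
}

# Usage on log01 (as root), in order:
#   write_rsyslog_listener_conf /etc/rsyslog.d/01-listen.conf
#   open_syslog_ports
#   apply_rsyslog_config
#   syslog_listening "$(ss -tulpn)" && echo "both 514 listeners up"
```

The `syslog_listening` check anchors on the protocol column and on `:514` followed by whitespace, so a listener on 5140 or 1514 does not pass, and it insists the socket belongs to rsyslogd rather than to whatever else happens to be bound there.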

Lab 2.1 Standardizing on Time

To change the time and date format we do the following:

  1. Check the current time and date format: send a test message with logger and look at how its line is stamped in /var/log/messages (the tag makes it easy to grep out):

    logger -t test time10nlog01
    sudo grep time10nlog01 /var/log/messages

  2. To change the format of the time and date in the syslog entries, edit /etc/rsyslog.conf and comment out the line shown in the screenshot:

    sudo vi /etc/rsyslog.conf
    

[screenshot: 2023-01-23 14_14_38-VMware Horizon]

  3. Then restart rsyslog:

      sudo systemctl restart rsyslog
    
  4. Test that it worked by repeating the logger and grep check from step 1; only the new line carries the new timestamp format, lines written before the restart keep the old one:

[screenshot: 2023-01-23 14_20_12-Lindale_Lab 2 1 Standardizing on Time - Google Docs]
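
Added example, not from the lab page: a check for the timestamp change. Because rsyslog never rewrites lines already in /var/log/messages, grepping for your own tag (as the lab does) is the right test; these helpers classify a line as the traditional `Jan 23 14:14:38` form or the RFC 3339 high-precision form (`2023-01-23T14:14:38.123456-05:00`) that rsyslog writes once the traditional-format template line is commented out, count both kinds in a file, and wrap the lab's logger/grep check. The tag name is the lab's; the sample log lines used to exercise the functions are constructed.

```shell
#!/bin/sh
# Added example (not the lab page's code): classify rsyslog timestamp formats.

# Print "traditional", "rfc3339" or "unknown" for one log line.
timestamp_format() {
  line=$1
  # RSYSLOG_TraditionalFileFormat: "Jan 23 14:14:38 host tag: msg" (no year, no zone)
  if printf '%s\n' "$line" | grep -Eq '^[A-Z][a-z]{2} [ 0-9][0-9] [0-9]{2}:[0-9]{2}:[0-9]{2} '; then
    echo traditional
  # RSYSLOG_FileFormat: "2023-01-23T14:14:38.123456-05:00 host tag: msg"
  elif printf '%s\n' "$line" | grep -Eq '^[0-9]{4}-[0-9]{2}-[0-9]{2}T[0-9]{2}:[0-9]{2}:[0-9]{2}(\.[0-9]+)?([+-][0-9]{2}:[0-9]{2}|Z) '; then
    echo rfc3339
  else
    echo unknown
  fi
}

# Count each format in a log file; prints "traditional=N rfc3339=M unknown=K".
# A file that still has a traditional count after the restart is expected:
# those are the lines written before the change.
count_formats() {
  t=0; r=0; u=0
  while IFS= read -r l || [ -n "$l" ]; do
    case $(timestamp_format "$l") in
      traditional) t=$((t + 1)) ;;
      rfc3339)     r=$((r + 1)) ;;
      *)           u=$((u + 1)) ;;
    esac
  done < "$1"
  echo "traditional=$t rfc3339=$r unknown=$u"
}

# Send a tagged test message and classify the newest matching line,
# as the lab does by hand. Needs root to read /var/log/messages.
check_new_stamp() {
  tag=${1:-time10nlog01}
  logger -t test "$tag"
  sleep 1
  last=$(grep -- "$tag" /var/log/messages | tail -n 1)
  echo "$(timestamp_format "$last"): $last"
}
```

Run `check_new_stamp` once before and once after restarting rsyslog; the first call should print `traditional:` and the second `rfc3339:` in front of the line, and `count_formats /var/log/messages` shows how much of the file is still in the old format.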

Lab 2.2 - Syslog Organization on log01

Log Organization

  1. Edit /etc/rsyslog.conf (as root) to match the following:

[screenshot: 2023-01-23 15_13_33-VMware Horizon]

  2. Custom rsyslog drop-in file

    1. Install wget:

      sudo yum install wget -y

    2. Change directory to /etc/rsyslog.d/ and download the drop-in file from https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf with wget (writing into /etc/rsyslog.d/ needs root):

      cd /etc/rsyslog.d/
      sudo wget https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf

  3. Restart rsyslog and run the following command to list what is now written under /var/log/remote-syslog:

     sudo systemctl restart rsyslog
     ls -lR --color /var/log/remote-syslog
    
  4. On web01 run the following: