SEC 350 Lab 6.1 Port Forwarding & Jump Boxes - DefiantCoder/Tech-Journals GitHub Wiki

Netplan Configuration

Netplan Config

Port Forwarding & firewall adjustments


Jump Passwordless user

sudo adduser --disabled-password adam-jump

Key based ssh to jump box


  • Run ssh-keygen on rw01 to create your key pair, then transfer the public key to the box you want passwordless SSH into; this can be done with scp or by copy and paste. On that box, make sure the user has a ~/.ssh directory with 700 permissions, and run chown -R jump-adam:jump-adam /home/jump-adam/.ssh so that your jump user owns the directory and the file you are about to create. Inside it, create an authorized_keys file with 600 permissions, then cat or paste your public key into authorized_keys. Finally, run echo "PubkeyAuthentication yes" >> /etc/ssh/sshd_config and then systemctl restart sshd to ready the box for passwordless SSH.
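The same procedure as a checkable script, added here as an example and not part of the lab journal. It assumes a Linux host with GNU stat; the user name, home directory, public key and sshd_config contents are constructed placeholders, and the functions are exercised against a scratch directory so it runs offline. It goes a little beyond the bullet: it verifies the permissions that sshd's StrictModes (on by default) requires on the home directory, ~/.ssh and authorized_keys, since a group- or world-writable one of those makes sshd ignore the key and fall back to a password prompt with no hint on the client, and it sets PubkeyAuthentication by rewriting an existing directive rather than appending, because sshd uses the first value it reads for a keyword.

```shell
#!/bin/sh
# Added example, not from the lab journal: the key-based SSH setup from the
# bullet above as checkable shell functions, plus the checks that explain the
# usual "key is in place but it still asks for a password" failure.
# All paths, the user name and the public key are constructed placeholders.
set -eu

# Install PUBKEY into HOME_DIR/.ssh/authorized_keys with the 700/600 modes the
# journal describes. OWNER (user:group) is optional; pass "" to skip the chown,
# e.g. when running unprivileged. The key is appended only if not already there.
install_authorized_key() {
    home_dir=$1; pubkey=$2; owner=${3:-}
    mkdir -p "$home_dir/.ssh"
    chmod 700 "$home_dir/.ssh"
    touch "$home_dir/.ssh/authorized_keys"
    chmod 600 "$home_dir/.ssh/authorized_keys"
    grep -qxF "$pubkey" "$home_dir/.ssh/authorized_keys" ||
        printf '%s\n' "$pubkey" >> "$home_dir/.ssh/authorized_keys"
    # everything under .ssh must belong to the login user or sshd ignores it
    [ -z "$owner" ] || chown -R "$owner" "$home_dir/.ssh"
}

# With StrictModes yes (the default) sshd refuses the key when the home
# directory, ~/.ssh or authorized_keys is writable by group or others.
# Returns 0 when all three are safe; otherwise prints the bad path, returns 1.
check_key_perms() {
    home_dir=$1
    for p in "$home_dir" "$home_dir/.ssh" "$home_dir/.ssh/authorized_keys"; do
        mode=$(stat -c '%a' "$p")            # GNU stat, e.g. 750 / 700 / 600
        go=${mode#"${mode%??}"}               # last two octal digits: group, other
        case $go in
            *[2367]*) echo "writable by group/other: $p ($mode)"; return 1 ;;
        esac
    done
    return 0
}

# sshd takes the FIRST value it reads for a keyword, so appending
# "PubkeyAuthentication yes" to sshd_config cannot override an earlier
# "PubkeyAuthentication no". Rewrite an existing directive in place and append
# only when there is none. Works through a copy, so no sed -i (portability).
ensure_pubkey_auth() {
    cfg=$1
    if grep -q '^[[:space:]]*PubkeyAuthentication[[:space:]]' "$cfg"; then
        sed 's/^[[:space:]]*PubkeyAuthentication[[:space:]].*/PubkeyAuthentication yes/' \
            "$cfg" > "$cfg.tmp" && mv "$cfg.tmp" "$cfg"
    else
        printf 'PubkeyAuthentication yes\n' >> "$cfg"
    fi
}

# Print the value sshd would use for PubkeyAuthentication: first match wins,
# and the compiled-in default is "yes" when the directive is absent.
effective_pubkey_auth() {
    v=$(grep '^[[:space:]]*PubkeyAuthentication[[:space:]]' "$1" | head -n 1 |
        awk '{ print tolower($2) }')
    printf '%s\n' "${v:-yes}"
}

# Demo against constructed input: scratch home, placeholder key, sample config.
demo() {
    scratch=$(mktemp -d)
    home="$scratch/home/jump-user"; cfg="$scratch/sshd_config"
    mkdir -p "$home"; chmod 750 "$home"
    install_authorized_key "$home" \
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIPLACEHOLDERKEYDATA jump@rw01" ""
    printf 'PubkeyAuthentication no\nPasswordAuthentication yes\n' > "$cfg"
    ensure_pubkey_auth "$cfg"
    check_key_perms "$home" && echo "permissions OK"
    echo "effective PubkeyAuthentication: $(effective_pubkey_auth "$cfg")"
    chmod 775 "$home"      # a group-writable home is a classic cause of the password fallback
    check_key_perms "$home" || echo "sshd would reject this key"
    rm -rf "$scratch"
}
demo
```

When a key is in place but the login still prompts for a password, `ssh -v` on the client shows whether the key was offered at all, and `sshd -T | grep -i pubkey` on the server prints the effective setting, which is what `effective_pubkey_auth` approximates here.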

Agent installation

  • To grab the latest version of the Wazuh agent, run the following commands on mgmt01 and use scp to transfer the package to jump:
curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb
scp -i .ssh/jump-key wazuh-agent-4.3.10.deb [email protected]


  • On jump, as your named sudo user, run the following to install and start the Wazuh agent:
sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' dpkg -i ./wazuh_installer.deb
sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent
sudo systemctl start wazuh-agent

Reflection:

Most of this lab was great and intuitive, though I encountered major difficulties surrounding the SSH enabling from rw01 to jump. I spent hours trying to find what caused the issue but to no avail. The key securely made its way into the correct file with permissions, but I cannot seem to resolve the issue. It most likely stems from a simple problem, but it has caused me great difficulty. When this issue is resolved I will append this, but currently I have tried multiple different methods to get passwordless SSH and checked both my NAT and firewall rules to see if the issue is there, but have found nothing.
