SYS255 - DerekFar/DerekJournal GitHub Wiki
Lab 01 - Virtual Firewall and Windows 10 Configuration
I made sure the interfaces were assigned in the same order in fw01 as they were in the VMware config. Renamed the WAN to em0 and the LAN to em1. Set up the interface IP addresses for both WAN and LAN using a 24-bit subnet mask, entering the upstream gateway and IP. Did not use DHCP, IPv6 or HTTP. The LAN IP can be the same for everybody while the WAN needs to be unique to each computer. I struggled to get to the IPv4 properties on the Windows machine. To get there you go to Control Panel -> Network & Internet -> Network & Sharing Center -> look for the active network connection and click the blue link -> Properties -> find IPv4 and finally click Properties.
I had never heard of pfSense before, but it is just an open-source firewall (fw01) that allowed me to connect to the internet on the Windows machine. On the pfSense website they describe how the firewall is free and includes a web interface for quick configuration. They also note that you don't need any prior UNIX knowledge to get your firewall running!
WAN stands for wide area network. According to Cisco, a WAN is simply a collection of LANs that communicate with one another; WANs allow devices to connect from multiple locations across the globe. On fw01 the WAN interface is the side that faces the upstream network, which is why its address has to be unique per machine while the LAN address can be the same for everyone.
A network adapter (network interface card, NIC) is the hardware interface through which a computer sends and receives traffic on a network. fw01 has two of them, one for the WAN side and one for the LAN side, which is why their order in VMware has to match the order pfSense assigns them.
Lab 02 | DNS + ADDS Role
In this lab I used Server Manager to configure the host and network settings. I used the whoami command to confirm the hostname and pinged Google to ensure that I had an internet connection. I also installed Active Directory Domain Services through Server Manager and configured my server to be the primary domain controller. After the lengthy install, I had to change the DNS address in the TCP/IPv4 properties. Using DNS Manager I added fw01-derek as a PTR record. Then I created a reverse DNS zone by selecting the New Zone option from the right-click context menu. I also added the workstation computer to the new domain.
Active Directory is a very helpful tool: it lets computers join a domain, and you can create users with different privilege levels (an administrator or just a normal user) by adding them to groups on the "Member Of" tab in the properties of the specific account. It is not only helpful but very powerful; you can even change which computer holds the domain controller role!
DNS (Domain Name System) is helpful because you don't need to manually map IP addresses to hostnames on every machine. Using DNS Manager I set up one new host, fw01-derek, and set up a reverse lookup zone. Unlike a forward lookup zone, which maps a name to its IP address (A records), a reverse lookup zone maps an IP address back to its name (PTR records). A top-level domain (TLD) is the domain at the highest level of the DNS hierarchy, the last label of a name such as the .com in example.com.
Lab 03 | Linux
In this lab I configured a CentOS Linux machine (dhcp01). I configured the network through nmtui and used the 'usermod -aG wheel derek' command to add myself as a privileged user. I pinged systems inside and outside of my network. I also added the dhcp01 machine to the DNS config on the ad01 machine. The rest of the lab was testing out basic commands like ls and pwd.
The only issue I ran into in this lab was that I forgot to change the IPv4 config to manual instead of automatic. After fixing it via nmtui my pings worked just fine.
The cmp command compares two files byte by byte and tells you whether they are identical. If they are not, it reports the byte and line at which the first mismatch was found and exits with status 1; if they are identical it prints nothing and exits with status 0 (cmp -s suppresses the output entirely, which is what you want in scripts, where only the exit status matters). I ran the command 'cmp yum.conf passwd' and the result was "yum.conf passwd differ: byte 1, line 1". The tar command is used to create and extract archive files. The command 'tar cvf test.tar *.d' creates a tar file "test.tar" containing everything matching *.d in your current directory (c = create, v = verbose, f = archive file name). On its own tar only bundles files; add z (gzip) or j (bzip2) to compress, and use x instead of c to extract. The free command displays the current memory usage of the system: the total amount of memory, the amount being used, the amount free, shared memory, buffer/cache memory, and the available memory.
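The tar and cmp commands above combine into a useful check: archive a directory, unpack the archive somewhere else, and use cmp's exit status to prove every file came back byte-for-byte identical. The script below is an added example, not code from the journal; the directory names and files it is run against are whatever you pass in.

```shell
#!/bin/sh
# Added example (not from the original journal): use tar to archive a directory,
# extract it elsewhere, and use cmp's exit status to prove every file came back
# byte-for-byte identical. cmp prints nothing on a match and exits 0; on a
# mismatch it names the first differing byte and line and exits 1.

# cmp_status A B: cmp's exit code as a value: 0 identical, 1 differ, 2 error
# (for example a missing file). -s suppresses the "differ: byte N, line M" text.
cmp_status() {
    if cmp -s "$1" "$2"; then
        echo 0
    else
        echo $?
    fi
}

# archive_and_verify SRC_DIR ARCHIVE: tar+gzip SRC_DIR into ARCHIVE, extract the
# archive into a scratch directory and cmp every file against the original.
# Returns 0 only if every file matches; lists mismatches on stderr otherwise.
archive_and_verify() {
    src="$1"
    archive="$2"
    # c = create, z = gzip (plain 'tar cvf' only bundles, it does not compress),
    # f = archive file. -C makes the stored paths relative to SRC_DIR.
    tar czf "$archive" -C "$src" . || return 1

    scratch=$(mktemp -d) || return 1
    # x = extract, z = gunzip, f = archive file, -C = where to unpack.
    tar xzf "$archive" -C "$scratch" || { rm -rf "$scratch"; return 1; }

    status=0
    # Walk every regular file in the source and compare it with its extracted twin.
    while IFS= read -r f; do
        [ -n "$f" ] || continue
        if [ "$(cmp_status "$src/$f" "$scratch/$f")" != "0" ]; then
            printf 'mismatch: %s\n' "$f" >&2
            status=1
        fi
    done <<EOF
$(cd "$src" && find . -type f)
EOF
    rm -rf "$scratch"
    return $status
}
```

Usage: `archive_and_verify /etc/yum.repos.d /tmp/repos.tgz && echo "archive verified"`. The same cmp loop, run against a backup you restored months later, is a cheap integrity check that the restore actually matches what was archived.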
Lab 04 - DHCP
In this lab I installed and configured a Linux DHCP service on dhcp01 in the derek.local domain. I installed PuTTY on my ad01 machine and used it to SSH into my DHCP server. I set the hostname to dhcp01-derek and typed dhcp01-derek into the saved sessions, then I saved it and loaded it up! I installed DHCP using 'sudo yum install dhcp'. I used the sudo -i command to become the system user and opened the DHCP config file using vi /etc/dhcp/dhcpd.conf. I added subnet, netmask, routers, domain name, domain name servers and range information and then saved and exited. Then I started the dhcpd service using systemctl and enabled it to start on boot. I configured the firewall to allow DHCP requests with 'firewall-cmd --add-service=dhcp --permanent'. On the WKS01 machine I changed the networking to use dynamic addressing.
A DHCP discover is a broadcast sent by a client whose sole purpose is to find a DHCP server. In the Wireshark capture the source IP is 0.0.0.0 because the client does not have a configured IP yet (hopefully a DHCP server will soon assign it one!), and the destination IP is 255.255.255.255, the limited broadcast address. The packet carries the client's host name (option 12) and, if it remembers one, the IP address it would like to get back (option 50, requested IP address), plus a parameter request list (option 55) naming the settings it wants, including the subnet mask, DNS servers and domain name.
A DHCP release is sent by the client to the server when it no longer needs its lease; the client gives the address back and removes the configuration from its interface. In Wireshark the source IP is the client's own address and the destination is the DHCP server (unicast, not broadcast). The source port is 68 (the DHCP client port) and the destination port is 67 (the DHCP server port).
A DHCP offer is the server's response to a discover: it says it received the discover and offers the client an IP lease. In Wireshark the source IP is the DHCP server; the destination shown is the address being offered to the client (the server delivers it to the client's MAC address, since the client cannot yet be reached by normal routing), or 255.255.255.255 if the client set the broadcast flag. Inside the packet are the lease time, domain name, DNS servers, subnet mask and router.
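The DHCP lab describes the scope that went into /etc/dhcp/dhcpd.conf without showing it, and the packet notes describe the discover/offer exchange. The script below is an added example (not the journal's own config) that writes the scope, sanity-checks it, performs the deploy steps in an order that avoids a common mistake (a --permanent firewall rule is not live until reload), and captures one exchange. The 10.0.5.150-10.0.5.175 pool and the derek.local domain come from the journal; the subnet 10.0.5.0/24, the fw01 gateway 10.0.5.2 and the ad01 DNS server 10.0.5.5 are assumptions and should be replaced with the real lab addresses.

```shell
#!/bin/sh
# Added example (not from the original journal). Writes an ISC dhcpd.conf for the
# lab LAN, checks it, and shows the deploy and capture steps. The pool and domain
# are from the journal; the subnet, gateway and DNS addresses are ASSUMED.

# write_dhcpd_conf PATH: write the scope. "authoritative" makes the server answer
# for this subnet; "ddns-update-style none" stops it trying to push DNS updates.
write_dhcpd_conf() {
    cat > "$1" <<'EOF'
# Generated for the SYS255 lab LAN (assumed addresses except the pool).
authoritative;
ddns-update-style none;
default-lease-time 600;
max-lease-time 7200;

subnet 10.0.5.0 netmask 255.255.255.0 {
    # pool handed out to clients (from the journal)
    range 10.0.5.150 10.0.5.175;
    # fw01 LAN side (assumed)
    option routers 10.0.5.2;
    option domain-name "derek.local";
    # ad01 (assumed)
    option domain-name-servers 10.0.5.5;
    option subnet-mask 255.255.255.0;
}
EOF
}

# check_dhcpd_conf PATH: cheap sanity checks that work without dhcpd installed,
# then the real parser check when dhcpd is present. Returns 0 if everything passes.
check_dhcpd_conf() {
    conf="$1"
    grep -q '^subnet 10\.0\.5\.0 netmask 255\.255\.255\.0' "$conf" || return 1
    grep -q 'range 10\.0\.5\.150 10\.0\.5\.175;' "$conf" || return 1
    grep -q '^ *option domain-name-servers' "$conf" || return 1
    grep -q '^ *option routers' "$conf" || return 1
    # dhcpd -t parses the file and exits non-zero on a syntax error.
    if command -v dhcpd >/dev/null 2>&1; then
        dhcpd -t -cf "$conf" >/dev/null 2>&1 || return 1
    fi
    return 0
}

# deploy_dhcpd: the lab steps, run as root. The firewall rule is opened and
# reloaded BEFORE the service starts, so the first client is not silently dropped.
deploy_dhcpd() {
    yum -y install dhcp
    write_dhcpd_conf /etc/dhcp/dhcpd.conf
    check_dhcpd_conf /etc/dhcp/dhcpd.conf || { echo "dhcpd.conf failed validation" >&2; return 1; }
    firewall-cmd --permanent --add-service=dhcp
    firewall-cmd --reload
    systemctl enable dhcpd
    systemctl start dhcpd
    systemctl is-active dhcpd
}

# watch_dora IFACE: capture one Discover/Offer/Request/Ack exchange (4 packets).
# Expect the Discover from 0.0.0.0 to 255.255.255.255, client port 68 to server port 67.
watch_dora() {
    tcpdump -ni "$1" -c 4 -v 'udp and (port 67 or port 68)'
}
```

Run `deploy_dhcpd` on dhcp01, then `watch_dora eth0` (the interface name on your VM may differ) and renew the lease on WKS01 to see the four messages in order.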
Linux File Permission
In this lab I created three new users (Fred, Bob, Alice) and two groups (Marketing, Management). I worked on file access control within the groups to allow only the Marketing group (Bob and Fred) to have access to a file within the marketing directory. I also set the marketing directory's group to Marketing. I made Fred the owner of the file and changed the permissions so only he could modify it. In the management directory I set the group to Management and created a file that only Alice and the Management group could access.
To create a group in Linux you use the groupadd command followed by the name of the group, e.g. 'groupadd marketing'.
To add members to a group, use the usermod command with -aG, then the group name, then the user you want to add, e.g. 'usermod -aG marketing bob'. The -a (append) matters: 'usermod -G marketing bob' without it replaces Bob's whole list of supplementary groups with just marketing.
To adjust rwx permissions on a directory or file you use the chmod command, followed by who you want to change (a for all, u for owner, g for group, o for other), then a plus or minus sign to give or take a permission (r, w, x), e.g. 'chmod g-w /marketing/test.txt' removes the group's permission to write to test.txt. The same permissions can be set numerically (r=4, w=2, x=1 for each of owner, group and other), so 'chmod 640 /marketing/test.txt' gives the owner read/write, the group read-only and others nothing. Check the result with 'ls -l'.
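The groupadd, usermod and chmod steps above, put together as a script for the Marketing/Management layout. This is an added example, not the journal's own commands; the user and group names come from the lab, the management file name report.txt is an assumption, and the account-creation part needs root while the permission helpers work on any directory you own.

```shell
#!/bin/sh
# Added example (not from the original journal): the Marketing/Management layout
# as reusable functions. User and group names are the journal's; report.txt is assumed.

# create_dept GROUP USER...: create the group (if missing) and add each user to it.
# usermod -aG APPENDS a supplementary group; -G alone would REPLACE the user's list.
create_dept() {
    grp="$1"; shift
    getent group "$grp" >/dev/null || groupadd "$grp"
    for u in "$@"; do
        id "$u" >/dev/null 2>&1 || useradd "$u"
        usermod -aG "$grp" "$u"
    done
}

# dept_dir DIR GROUP: directory owned by the group. 2770 = setgid bit (files
# created inside inherit GROUP), owner and group rwx, others nothing at all.
dept_dir() {
    mkdir -p "$1"
    chgrp "$2" "$1"
    chmod 2770 "$1"
}

# private_file FILE OWNER GROUP: only OWNER may modify (rw-), GROUP may read (r--),
# others get nothing. 640 is the numeric form of "u=rw,g=r,o=".
private_file() {
    [ -e "$1" ] || : > "$1"
    chown "$2:$3" "$1"
    chmod 640 "$1"
}

# perm_of PATH: octal mode (e.g. 2770 or 640), for verifying the result.
perm_of() {
    stat -c '%a' "$1"
}

# owner_group_of PATH: "owner:group" as one string, for verifying the result.
owner_group_of() {
    stat -c '%U:%G' "$1"
}

# Lab layout, as root. Uncomment to apply.
# create_dept marketing bob fred
# create_dept management alice
# dept_dir /marketing marketing
# private_file /marketing/test.txt fred marketing
# dept_dir /management management
# private_file /management/report.txt alice management
```

After applying it, `su - bob -c 'cat /marketing/test.txt'` should succeed and `su - alice -c 'ls /marketing'` should be denied, which is the test the lab is really asking for.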
Securing SSH
To stop remote root logins over SSH on CentOS, open the sshd config file with 'vi /etc/ssh/sshd_config'. Look for PermitRootLogin, change yes to no ('PermitRootLogin no') and remove the leading # so the line is no longer just a comment (the commented-out line only shows the default, which on CentOS allows root to log in). Save and exit, then restart the sshd service with 'systemctl restart sshd'. Before restarting, run 'sshd -t' to check the file for syntax errors, and keep your current SSH session open until you have confirmed a new login still works; otherwise a typo can lock you out. Root can still log in at the console, and administrators log in as themselves and use sudo.
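Hand-editing sshd_config works once; the function below does the same change repeatably and handles the cases the paragraph glosses over (the line is commented out, appears twice, sits inside a Match block, or is missing). It is an added example, not from the journal; it assumes the CentOS paths /etc/ssh/sshd_config and the sshd and systemctl commands, and the sample config in the usage note is constructed.

```shell
#!/bin/sh
# Added example (not from the original journal): switch PermitRootLogin to "no"
# in an sshd_config without hand-editing, whether the existing line is commented
# out ("#PermitRootLogin yes"), active, duplicated, or missing, then verify.
# Takes the file path as an argument so it can be tried on a copy first.

# set_sshd_option FILE KEY VALUE
# sshd uses the FIRST occurrence of a keyword (case-insensitive) outside any
# Match block, so: rewrite the first global occurrence (commented or not),
# drop later global duplicates, never touch lines inside Match blocks, and if
# the keyword is absent insert it before the first Match line or at the end.
set_sshd_option() {
    file="$1"; key="$2"; value="$3"
    tmp=$(mktemp) || return 1
    awk -v key="$key" -v value="$value" '
        {
            raw = $0
            line = raw
            sub(/^[ \t]*#?[ \t]*/, "", line)        # strip a leading "#" so "#Key" matches too
            n = split(line, f, /[ \t]+/)
            kw = (n > 0) ? tolower(f[1]) : ""
            if (!in_match && kw == tolower(key)) {
                if (!done) { print key " " value; done = 1 }  # first hit: rewrite in place
                next                                          # later duplicates: drop
            }
            if (raw ~ /^[ \t]*[Mm][Aa][Tt][Cc][Hh][ \t]/) {
                if (!done) { print key " " value; done = 1 }  # globals must precede Match
                in_match = 1
            }
            print raw
        }
        END { if (!done) print key " " value }
    ' "$file" > "$tmp" && cat "$tmp" > "$file"       # cat keeps the original owner/mode
    rc=$?
    rm -f "$tmp"
    return $rc
}

# sshd_option_value FILE KEY: the value sshd would use globally (first active
# occurrence before any Match block), or nothing if it is not set.
sshd_option_value() {
    awk -v key="$2" '
        tolower($1) == tolower(key) { print $2; exit }
        tolower($1) == "match"      { exit }
    ' "$1"
}

# harden_sshd: apply to the real config as root. sshd -t validates the file;
# never restart on a file that fails it, and keep your current session open
# until a fresh login works, or a typo can lock you out.
harden_sshd() {
    cp -p /etc/ssh/sshd_config /etc/ssh/sshd_config.bak
    set_sshd_option /etc/ssh/sshd_config PermitRootLogin no
    sshd -t && systemctl restart sshd
    sshd_option_value /etc/ssh/sshd_config PermitRootLogin
}
```

Try it on a copy first: `cp /etc/ssh/sshd_config /tmp/sshd_config; set_sshd_option /tmp/sshd_config PermitRootLogin no; diff /etc/ssh/sshd_config /tmp/sshd_config` shows exactly the one line that will change. Lines inside a Match block are deliberately left alone, because an option there applies only to the users or hosts that block names.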
Lab 05 - ADDS and Group Policy
In this lab I created an organizational unit in the domain, created a group policy that disabled showing the last logged-in user, and applied settings to groups and computers in the OU. In Server Manager I created the OU by going to Local Server -> Tools -> Active Directory Users and Computers. Once in there, right-click on the domain, go to New, then choose Organizational Unit; I named it SYS255 and created 3 child OUs within it. I made three users within the Accounts OU and moved WKS01 from the yourname.local\Computers folder to SYS255\Computers. In the Groups OU I added a security group custom-desktop with 2 users inside. Next I made a user policy: Tools -> Group Policy Management, selected the SYS255 OU and created a group policy called sys255-desktop, then right-clicked on it and edited it. I changed who it applies to: just users who are members of the custom-desktop security group and Domain Computers (removed Authenticated Users). In the Delegation tab I set DENY on 'Apply group policy'. Then I tested that it worked by nuking the recycling bin. I created a computer policy by making a new GPO in the Computers OU and turned on the security filter for the policy 'DisableLastLogin' so it does not display the last user name.
My plan for this week's assessment is to review the labs and draw out a game plan to follow. I plan to use my GitHub a lot to help navigate me through the assessment. First, ensure the wiring is correct on all machines (LAN on network adapter 1 for all machines EXCEPT fw01, which should have WAN on adapter 1 and LAN on adapter 2). Next I will assign the interfaces through fw01 and set the interface IPs. After the network is configured I will connect wks01 to the network. Connect ad01 to the internet, use Server Manager to install the ADDS role: Manage -> Add Roles and Features and choose Active Directory Domain Services -> Add Features -> Active Directory Domain Services. Promote ad01 to be the primary domain controller for the domain. Create the new forest root domain derek.local, and add DNS records using DNS Manager from the Server Manager/DNS/AD01 menu. Make a new host in the FORWARD LOOKUP zone (an A record) and update the associated PTR record. Reverse lookup zone for the A records of fw01, dhcp01 and ad01. After creating the named domain users I will connect wks01 to the domain. Connect dhcp01 to the network using nmtui https://drive.google.com/file/d/159rkSPeDkNa1tEDCzLfifZNbSoiXVGUq/view. Next, I will install DHCP services through PuTTY on the ad01 machine and remote into the dhcp01 machine.
Lab 06 - Lab Server Core & Remote Administrator Tools
In this lab I set up a Windows Server 2019 Core machine to act as a file server (FS01). I also connected to the new server FS01 from AD02 using RSAT. First I set up the basic networking using sconfig and wired the machine. I changed the hostname, joined the server to the domain and set the IP address, default gateway, subnet mask and DNS server. On AD02: Add Roles and Features -> Features -> Role Administration Tools -> File Services Tools -> check File Server Resource Manager Tools and install. Next I added FS01 in Server Manager. Next I created an OU structure called SYS255 with 3 OUs inside: Computers, Users and Groups. I created a global security group in the Groups OU and added two users in the Users OU, adding one of them to the security group. From Server Manager, on FS01: Add Roles and Features -> Server Roles -> File and Storage Services -> File and iSCSI Services -> check and install File Server and File Server Resource Manager. From Server Manager, I created a new share on FS01 called Sales and only allowed the security group Sales-users to view it; everyone else could neither view it nor write to it.
DHCP is Down!
In this lab the DHCP server was stolen from the server room, so I had to deploy a new DHCP server on Windows and configured it to work the same way as the one that was stolen. The first thing I did was give the WKS machine a static IP so that machine could continue to connect to the network while I set up the DHCP server.
In Server Manager, I installed the DHCP Server role on the FS01 machine, and I also installed the feature "DHCP Server Tools" on the FS machine from Server Manager (AD). On the AD server: Add Roles and Features -> Features -> Remote Server Administration Tools -> Role Administration Tools -> DHCP Server Tools. Then I opened the DHCP console I had just installed on AD: Action -> Add Server -> This authorized DHCP server, which is the FS01 machine. Then I made the scope from 10.0.5.150 to 10.0.5.175. After doing this the DHCP server was set up, and on the WKS machine I changed the network connection back to automatically obtain an IP address and DNS server.
Apache Lab Linux Domain Join
In this lab I joined the web01 server to the AD domain. From the AD machine I SSH'd into the Linux web01 server and installed realmd with the following command: "sudo yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd". Next I used the command "realm join --user=[email protected] derek.local" to join the domain. Just like that, the web01 server is now part of the domain!
Apache Lab Apache installation & firewall-cmd configuration
To install Apache I used the command "yum install httpd". I opened ports 80/tcp and 443/tcp in the firewall with "firewall-cmd --permanent --add-port=80/tcp" (note the leading dashes on --add-port; without them firewall-cmd rejects the argument) and the same command with 443 in place of 80; "firewall-cmd --permanent --add-service=http" and "--add-service=https" do the same thing by service name. Because --permanent changes only the saved configuration, after adding the ports I reloaded the firewall with "firewall-cmd --reload" to ensure the changes were in effect; "firewall-cmd --list-all" then shows the open ports, and "systemctl enable --now httpd" starts Apache so there is actually something listening on them.