SEC 350:Lab 1 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

Walkthrough: https://youtu.be/JxH-qxOjzS0?si=pj51JAmTEfWI4tMO

  • sudo hostnamectl set-hostname lets you set actual names for devices

  • logger -n (logger IP) -P (port#, set up as 514) "text goes here" sends the logger a test message

FW01

  • set up network 1 WAN, network 2 DMZ, network 3 LAN

  • configure, commit, save

  • set interfaces ethernet eth(0/1/2) description SEC350-(WAN/DMZ/LAN) helps keep track of which interface connects to what

  • set system name-server 10.0.17.2 sets the gateway and DNS to the firewall


  • configure forwarding from DMZ to WAN
  • set nat source rule 10 description "NAT from DMZ to WAN"
  • set nat source rule 10 outbound-interface eth0
  • set nat source rule 10 source address 172.16.50.0/29
  • set nat source rule 10 translation address masquerade

  • configure DNS forwarding

  • set service dns forwarding listening-address 172.16.50.2

  • set service dns forwarding allow-from 172.16.50.0/29

  • set service dns forwarding system

  • set up log forwarding

  • set system syslog host 172.16.50.5 facility all level info


  • set up firewall to work with logger
  • set firewall name WAN-to-DMZ rule 10 action accept
  • set firewall name WAN-to-DMZ rule 10 source address 10.0.17.26
  • set firewall name WAN-to-DMZ rule 10 destination address 172.16.50.3
  • set firewall name WAN-to-DMZ rule 10 protocol tcp
  • set firewall name WAN-to-DMZ rule 10 destination port 80

RW01

  • on WAN

  • set up another account with different password

  • go to network connection, address 10.0.17.26, netmask /24, default gateway 10.0.17.126, DNS 10.17.0.2

  • set up in terminal: /etc/netplan/01-netcf.yaml, then edit in the info in the picture

  • sudo systemctl restart NetworkManager

  • ssh charlie@(ip) lets you ssh into other devices


WEB01

  • sudo nano /etc/sysconfig/network-scripts/ifcfg-ens192 opens up network setup, change settings to match the picture

  • httpd installation

  • yum install httpd

  • sudo systemctl start httpd

  • sudo systemctl enable httpd


  • set up ports
  • sudo firewall-cmd --permanent --add-service=http
  • sudo firewall-cmd --permanent --add-service=https
  • sudo firewall-cmd --permanent --add-port=514/tcp
  • sudo firewall-cmd --permanent --add-port=514/udp
  • sudo firewall-cmd --reload
  • sudo firewall-cmd --list-all public

  • RSYS
  • sudo yum install -y rsyslog
  • sudo nano /etc/rsyslog.d/sec350.conf
  • user.notice @172.16.50.5:514
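
What the WEB01 rule `user.notice @172.16.50.5:514` ships to LOG01, as an added example (not part of the original lab notes): the single `@` means UDP, and the selector matches facility `user` at severity `notice` or more urgent. The sample messages are constructed, the function names are made up for this example, and only the simple `facility.severity @host:port` rule form is handled.

```python
import re

# Standard syslog facility and severity codes (RFC 3164 / RFC 5424).
FACILITY = {n: i for i, n in enumerate(
    ["kern", "user", "mail", "daemon", "auth", "syslog",
     "lpr", "news", "uucp", "cron", "authpriv", "ftp"])}
FACILITY.update({f"local{i}": 16 + i for i in range(8)})
SEVERITY = ["emerg", "alert", "crit", "err", "warning", "notice", "info", "debug"]
RULE_RE = re.compile(r"([a-z0-9*]+)\.([a-z*]+)\s+(@@?)([^\s:@]+):(\d+)")

def parse_rule(line):
    """Parse 'facility.severity @host:port'. '@' forwards over UDP, '@@' over TCP."""
    m = RULE_RE.fullmatch(line.strip())
    if m is None:
        raise ValueError(f"not a simple forwarding rule: {line!r}")
    fac, sev, at, host, port = m.groups()
    if (fac != "*" and fac not in FACILITY) or (sev != "*" and sev not in SEVERITY):
        raise ValueError(f"unknown facility or severity in {line!r}")
    return {"facility": fac, "severity": sev, "host": host, "port": int(port),
            "transport": "udp" if at == "@" else "tcp"}

def decode_pri(message):
    """Return (facility_code, severity_code) from the leading <PRI> field."""
    m = re.match(r"<(\d{1,3})>", message)
    if m is None or int(m.group(1)) > 191:
        raise ValueError("missing or invalid <PRI> field")
    return divmod(int(m.group(1)), 8)  # PRI = facility * 8 + severity

def is_forwarded(rule, message):
    """True if the selector matches: same facility, severity at least as urgent."""
    fac, sev = decode_pri(message)
    fac_ok = rule["facility"] == "*" or FACILITY[rule["facility"]] == fac
    # A lower severity number is more urgent, so "notice" also matches err, crit, ...
    sev_ok = rule["severity"] == "*" or sev <= SEVERITY.index(rule["severity"])
    return fac_ok and sev_ok

# Constructed sample messages (timestamps, tags and text are made up for this example).
SAMPLES = [
    "<13>Feb  1 10:00:00 web01 charlie: text goes here",    # user.notice, logger's default
    "<11>Feb  1 10:00:05 web01 app: disk write failed",     # user.err
    "<14>Feb  1 10:00:09 web01 app: routine status",        # user.info
    "<86>Feb  1 10:00:12 web01 sshd[1200]: session opened", # authpriv.info
]

if __name__ == "__main__":
    rule = parse_rule("user.notice @172.16.50.5:514")
    print(rule["transport"], rule["host"], rule["port"])
    for msg in SAMPLES:
        print("FORWARD   " if is_forwarded(rule, msg) else "local only", msg)
```

The last two samples stay on WEB01: anything logged below `notice`, or to a facility other than `user` (such as `authpriv`), never reaches LOG01 under this rule.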

LOG01

  • set up in terminal: /etc/netplan/01-netcf.yaml, then edit in the info in the picture
  • sudo systemctl restart NetworkManager

  • set up RSYS
  • sudo yum install -y rsyslog
  • sudo systemctl enable --now rsyslog
  • sudo nano /etc/rsyslog.conf
  • uncomment udp and tcp
  • sudo firewall-cmd --permanent --add-service=http
  • sudo firewall-cmd --permanent --add-service=https
  • sudo firewall-cmd --permanent --add-port=514/tcp
  • sudo firewall-cmd --permanent --add-port=514/udp
  • sudo firewall-cmd --reload

  • sudo tail /var/log/messages brings up logs

New

  • network configuration commands, crucial for ensuring the devices are set up accurately

  • using the terminal rather than the GUI fixes a large portion of hard-to-resolve problems

  • /etc/sysconfig/network-scripts/ifcfg-ens192 allows direct editing of network information