SEC 350:Lab 10.1 - WanderlustPenguin/Charles-Tech-Journal GitHub Wiki

Firewall setup

  • set firewall name LAN-to-MGMT rule 40 action 'accept'
  • set firewall name LAN-to-MGMT rule 40 description 'AD to MGMT02'
  • set firewall name LAN-to-MGMT rule 40 destination address '172.16.200.11'
  • set firewall name LAN-to-MGMT rule 40 protocol 'tcp_udp'
  • set firewall name LAN-to-MGMT rule 40 destination port '53,88,123,135,137-139,389,445,464,636,686,3268,3269'
  • set firewall name LAN-to-MGMT rule 40 source address '172.16.150.0/24'
  • set firewall name LAN-to-MGMT rule 41 action 'accept'
  • set firewall name LAN-to-MGMT rule 41 description ‘RPC ports’
  • set firewall name LAN-to-MGMT rule 41 destination address '172.16.200.11'
  • set firewall name LAN-to-MGMT rule 41 protocol 'tcp_udp'
  • set firewall name LAN-to-MGMT rule 41 destination port '49152-65535'
  • set firewall name LAN-to-MGMT rule 41 source address '172.16.150.0/24'
  • set firewall name LAN-to-MGMT rule 42 action 'accept'
  • set firewall name LAN-to-MGMT rule 42 description ‘ping between’
  • set firewall name LAN-to-MGMT rule 42 destination address '172.16.200.11'
  • set firewall name LAN-to-MGMT rule 42 protocol 'icmp'
  • set firewall name LAN-to-MGMT rule 42 source address '172.16.150.0/24'

Issues

  • struggled to set up active directory connection with WKS - solved by rebuilding the AD in a different way

  • MGMT02 doesn't have internet to download agent - I modified the firewall to temporarily give it internet access

  • RDP from MGMT02 to WKS didn't register as RDP in wazuh - didn't properly solve, so found other ways to prove what occured. For some reason the failed RDP is registered as originating from MGMT02 deeper in the log, but not the successful one.