Sec350 Midterm Assessment Prep - Zacham17/my-tech-journal GitHub Wiki

IMPORTANT NOTES:

  • Get all communications working BEFORE creating zones and locking down the firewalls.
  • Make sure to link your firewalls to the appropriate From and To zones.
  • Restart services after changing configuration files.
  • Use the --permanent flag on CentOS firewall configurations.
  • Make sure you have the correct netmask on all Linux systems.

Edge01 Configuration

  • Use Network Interfaces - WAN, DMZ, and LAN
  • Set Hostname: set system host-name edge01-zachary
  • Adding Admin User in VyOS:
set system login user zachary full-name "Zachary Morris"
set system login user zachary authentication plaintext-password examplepassword
set system login user zachary level admin
commit
save
  • Network Config:
set interfaces ethernet eth0 address '10.0.17.133/24'
set interfaces ethernet eth0 description 'SEC350-WAN'
set interfaces ethernet eth1 address '172.16.50.2/29'
set interfaces ethernet eth1 description 'ZACHARY-DMZ'
set interfaces ethernet eth2 address '172.16.150.2/24'
set interfaces ethernet eth2 description 'ZACHARY-LAN'
  • NOTE: ADDRESSES MAY BE DIFFERENT
  • Set Routing (for Internet Access):
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2

Create Firewalls

set firewall name DMZ-to-LAN default-action 'drop'
set firewall name DMZ-to-LAN enable-default-log

set firewall name DMZ-to-WAN default-action 'drop'
set firewall name DMZ-to-WAN enable-default-log

set firewall name LAN-to-DMZ default-action 'drop'
set firewall name LAN-to-DMZ enable-default-log

set firewall name LAN-to-WAN default-action 'drop'
set firewall name LAN-to-WAN enable-default-log

set firewall name WAN-to-DMZ default-action 'drop'
set firewall name WAN-to-DMZ enable-default-log

set firewall name WAN-to-LAN default-action 'drop'
set firewall name WAN-to-LAN enable-default-log

Set Zones:

set zone-policy zone DMZ from LAN firewall name 'LAN-to-DMZ'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
set zone-policy zone DMZ interface 'eth1'

set zone-policy zone LAN from DMZ firewall name 'DMZ-to-LAN'
set zone-policy zone LAN from WAN firewall name 'WAN-to-LAN'
set zone-policy zone LAN interface 'eth2'

set zone-policy zone WAN from DMZ firewall name 'DMZ-to-WAN'
set zone-policy zone WAN from LAN firewall name 'LAN-to-WAN'
set zone-policy zone WAN interface 'eth0'
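
Added example (not part of the original notes): a small Python check for the "link your firewalls to the appropriate From and To zones" note, run over a pasted block of `set` commands. It assumes the FROM-to-TO ruleset naming used on this page; the function name and the sample input are constructed for illustration.

```python
import shlex

# Constructed sample: firewall and zone names from the page, with one link
# deliberately reversed, one ruleset left unlinked and one zone without an
# interface so that the audit has something to report.
SAMPLE = """\
set firewall name LAN-to-DMZ default-action 'drop'
set firewall name DMZ-to-LAN default-action 'drop'
set firewall name WAN-to-DMZ default-action 'drop'
set zone-policy zone DMZ from LAN firewall name 'DMZ-to-LAN'
set zone-policy zone DMZ from WAN firewall name 'WAN-to-DMZ'
set zone-policy zone DMZ interface 'eth1'
set zone-policy zone LAN from DMZ firewall name 'DMZ-to-LAN'
"""

def audit_zone_links(config):
    """Return a list of findings for a block of VyOS 'set' commands."""
    defined, links, zones, with_iface = set(), [], set(), set()
    for line in config.splitlines():
        tok = shlex.split(line)  # strips the single quotes around values
        if tok[:3] == ["set", "firewall", "name"] and len(tok) > 3:
            defined.add(tok[3])
        elif tok[:3] == ["set", "zone-policy", "zone"] and len(tok) >= 6:
            zones.add(tok[3])
            if tok[4] == "interface":
                with_iface.add(tok[3])
            elif tok[4] == "from" and tok[6:8] == ["firewall", "name"] and len(tok) == 9:
                links.append((tok[3], tok[5], tok[8]))  # (to-zone, from-zone, ruleset)

    findings = []
    for dst, src, fw in links:
        expected = f"{src}-to-{dst}"  # assumed naming convention: FROM-to-TO
        if fw != expected:
            findings.append(f"zone {dst} from {src}: linked '{fw}', expected '{expected}'")
        if fw not in defined:
            findings.append(f"zone {dst} from {src}: ruleset '{fw}' is not defined")
    linked = {fw for _, _, fw in links}
    for fw in sorted(defined - linked):
        findings.append(f"ruleset '{fw}' is defined but not linked to any zone")
    for zone in sorted(zones - with_iface):
        findings.append(f"zone {zone} has no interface assigned")
    return findings

if __name__ == "__main__":
    for finding in audit_zone_links(SAMPLE):
        print(finding)
```

An empty result means every ruleset is linked in the direction its name says and every zone has an interface.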

NAT for nginx

set nat destination rule 10 description 'HTTP->nginx01'
set nat destination rule 10 destination port '80'
set nat destination rule 10 inbound-interface 'eth0'
set nat destination rule 10 protocol 'tcp'
set nat destination rule 10 translation address '172.16.50.3'
set nat destination rule 10 translation port '80'

Nginx01 Configuration

  • Use Network Interface - DMZ
  • Set Hostname: hostnamectl set-hostname viveks-laptop, then hostnamectl
  • Add sudo user: useradd zachary, then usermod -aG sudo zachary
  • Network Config:
network:
  ethernets:
    ens160:
      addresses:
        - 172.16.50.3/29
      dhcp4: false
      gateway4: 172.16.50.2
      nameservers:
        addresses:
          - 172.16.50.2
  version: 2

Install nginx:

sudo apt update
sudo apt install nginx
  • Edit /var/www/html/index.html:
<!doctype html>
<html>
<head>
    <meta charset="utf-8">
    <title>nginx01 Test Page</title>
</head>
<body>
    <h1>Zach nginx01 Test Page</h1>
    <p>This is a test page for nginx01</p>
</body>
</html>

Run command: systemctl restart nginx

DHCP01 Configuration

  • Use Network Interfaces - LAN
  • Set Hostname: hostnamectl set-hostname HOSTNAME, then hostnamectl
  • Add sudo user: useradd zachary, then usermod -aG sudo zachary
  • Network Config:
network:
  ethernets:
    ens160:
      addresses:
        - 172.16.150.5/24
      dhcp4: false
      gateway4: 172.16.150.2
      nameservers:
        addresses:
          - 172.16.150.2
  version: 2

DHCP Server Setup:

sudo apt install isc-dhcp-server

  • Edit /etc/dhcp/dhcpd.conf:
# a simple /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
authoritative;
 
subnet 172.16.150.0 netmask 255.255.255.0 {
 range 172.16.150.100 172.16.150.150;
 option routers 172.16.150.2;
 option domain-name-servers 172.16.150.2;
}
  • Set the DHCP interface in /etc/default/isc-dhcp-server:
    • Change the line: INTERFACESv4="eth0"
  • Restart dhcp server: sudo systemctl restart isc-dhcp-server

Wazuh Agent on Ubuntu Commands

curl -so wazuh-agent-4.3.10.deb https://packages.wazuh.com/4.x/apt/pool/main/w/wazuh-agent/wazuh-agent_4.3.10-1_amd64.deb && WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' dpkg -i ./wazuh-agent-4.3.10.deb

Traveler Configuration (replaces rw01)

  • Use Network Interfaces - WAN
  • Set Hostname: Use Windows GUI
  • Add local Admin User
  • Network Info before DHCP:
    • IP: 10.0.17.33
    • Netmask: 255.255.255.0
    • Gateway: 10.0.17.133

Passwordless SSH from Windows to Linux:

PowerShell:

ssh-keygen -b 4096 
Get-WindowsCapability -Online | Where-Object Name -like 'OpenSSH*'
Add-WindowsCapability -Online -Name OpenSSH.Client~~~~0.0.1.0
Add-WindowsCapability -Online -Name OpenSSH.Server~~~~0.0.1.0
Start-Service sshd
  • Copy public key from windows to linux