Lab 1.1 Routing and DMZ - devinziegler/Devin-Tech-Journal GitHub Wiki

Lab Overview:

This lab acted as an initial setup of the SEC-350 environment. The following systems will have a base network config and be able to communicate with each other.

rw01 - Xubuntu system that sits outside the network.

fw01 - VyOS system that acts as the router in the network. A separate page has been created going over initial setup and helpful commands; this page can be found here.

web01 - Rocky system that hosts a web server. This system sits inside the DMZ.

log01 - Rocky system that logs activity on the network. For now this system is inside the DMZ.

All-system checklist:

1. Change the default password, often the root password:
   ```
   passwd root   # or: passwd champuser
   ```
2. Set the system hostname, e.g.:
   ```
   hostnamectl set-hostname <hostname>
   ```
3. Create a new named user (giving them sudo permissions is optional), e.g.:
   ```
   useradd <username>
   passwd <username>
   usermod -aG wheel <username>
   ```
   For Debian-based distros, use the sudo group instead of wheel.
4. Properly network the system. On Xubuntu this can be done via the GUI or netplan. For Rocky or RHEL-based systems, use the nmtui text UI.

Firewalld refresher

Rocky uses firewalld as the system firewall. Here is a refresher of firewalld commands:

1. Allowing a port:
   ```
   firewall-cmd --add-port=<port_number>/<protocol> --permanent
   ```
2. Applying firewalld commands:
   ```
   firewall-cmd --reload
   ```

Firewalld rules added with --permanent will not take effect until the firewall has been reloaded.

Setting Static Routes

1. rw01 needs to forward DMZ traffic to the WAN gateway. Edit the network GUI and add this route:

   | Address | Netmask | Gateway |
   |---|---|---|
   | `<DMZ_network>` | `<DMZ_netmask>` | `<WAN_address_on_fw01>` |

Configure rsyslog

1. Configure ports on log01 / the system that will receive logs:
   ```
   firewall-cmd --add-port=514/udp --permanent
   firewall-cmd --reload
   ```
2. Uncomment the following lines in the config at /etc/rsyslog.conf:
   ```
   $ModLoad imudp
   $UDPServerRun 514

   $ModLoad imtcp
   $InputTCPServerRun 514
   ```
3. Set up the client by first installing rsyslog using the distribution's package manager.
4. On the client, make a new config file at /etc/rsyslog.d/<name>.conf and add the following line:
   ```
   user.notice @<log_server_address>
   ```
5. Test the client and server by sending a message from the client:
   ```
   logger -t test <MESSAGE>
   ```
6. Look at the incoming message on the log server by tailing /var/log/messages:
   ```
   tail -f /var/log/messages
   ```
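A consistency check for the steps above, added here as an example and not part of the original wiki: the client's single-`@` rule forwards over UDP, so the server's UDP listener lines must be uncommented (a `@@` rule forwards over TCP and would also need 514/tcp opened, since the firewall step above opens only 514/udp). The log server address 192.0.2.10 and the sample rsyslog.conf are constructed.

```shell
#!/bin/sh
# Added example, not from the original wiki: check that the log server's
# rsyslog.conf has the listener uncommented for the transport the client's
# forwarding rule uses, before running the logger test.
# Assumes the legacy rsyslog directive syntax shown on the page.

# 0 if the UDP listener lines ($ModLoad imudp, $UDPServerRun 514) are
# present and not commented out in the given rsyslog.conf.
udp_listener_enabled() {
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imudp' "$1" &&
    grep -Eq '^[[:space:]]*\$UDPServerRun[[:space:]]+514' "$1"
}

# Same check for the TCP listener ($ModLoad imtcp, $InputTCPServerRun 514).
tcp_listener_enabled() {
    grep -Eq '^[[:space:]]*\$ModLoad[[:space:]]+imtcp' "$1" &&
    grep -Eq '^[[:space:]]*\$InputTCPServerRun[[:space:]]+514' "$1"
}

# Transport used by a client rule: "@@host" forwards over TCP, "@host"
# (the page's user.notice rule) over UDP. Prints tcp, udp or none.
forward_transport() {
    case "$1" in
        *'@@'*) echo tcp ;;
        *'@'*)  echo udp ;;
        *)      echo none ;;
    esac
}

# 0 when the server config ($2) listens on the transport rule $1 uses.
forward_matches_server() {
    case "$(forward_transport "$1")" in
        udp) udp_listener_enabled "$2" ;;
        tcp) tcp_listener_enabled "$2" ;;
        *)   return 1 ;;
    esac
}

# Constructed sample: a server config where only the TCP lines were
# uncommented, checked against the page's UDP forwarding rule.
sample_conf=$(mktemp)
printf '%s\n' '#$ModLoad imudp' '#$UDPServerRun 514' \
              '$ModLoad imtcp' '$InputTCPServerRun 514' > "$sample_conf"
if forward_matches_server 'user.notice @192.0.2.10' "$sample_conf"; then
    echo "server listens on the transport the client uses"
else
    echo "mismatch: client forwards over UDP but the UDP listener is commented out"
fi
rm -f "$sample_conf"
```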