Assessment 1 Prep Guide - eamonstackpole/my-tech-journal GitHub Wiki

Assessment 1 Prep Guide

Topology

image

New Devices

  • traveler02 - WAN workstation
  • edge02 - LAN,WAN,DMZ firewall
  • nginx02 - DMZ web server
  • dhcp02 - LAN DHCP

Requirements

  • All systems should have an accurate hostname. (DONE)
  • All Linux systems should have a named sudo or administrator user. (DONE)
  • The two new Ubuntu systems do not have a host firewall enabled; this is OK (for now). (DONE)
  • wks1, mgmt01 should be able to surf the internet.
  • wks1, mgmt01 should be able to navigate to nginx01.
  • mgmt01 should be able to ssh to nginx01.
  • nginx01 and dhcp01 should have wazuh agents installed and be able to connect to wazuh (DONE)
  • nginx01 should have a custom web page (practice this on jump) (DONE)
  • traveler should be able to get to nginx01's custom test page by navigating to edge01's WAN IP address.
  • traveler should be able to perform SSH key-based authentication with jump. Traveler is a Windows box, but SSH in PowerShell is nearly the same as on Linux, including key generation. You will need to add a new public key to authorized_keys.
  • dhcp01 should serve a pool of dhcp addresses to the LAN from .100 to .150. (DONE)
  • WKS1 should use dhcp addressing (DONE)

Tips

  • Configure the firewall last so it doesn't interfere with the other setup steps

Configurations

Firewall Configuration (edge02)

Network & Interface Configuration

  • Initialize the interfaces using vyos commands
  • SCP the network configuration to edge02 and load [filename]

Firewall Rulesets & Zones

  • Ensure everything is set up before applying rulesets!
  • SCP the rulesets configuration to edge02 and load [filename]

Web Server Configuration (nginx02)

Network Configuration

  • Edit using sudo nano /etc/netplan/00-installer-config.yaml

Nginx Installation

  • sudo apt-get update
  • sudo apt-get install nginx

Nginx Configuration

  • sudo nano /var/www/html/index.html and make the page
  • sudo nano /etc/nginx/sites-enabled/default and change the index section to index index.html
  • save the file and restart nginx

Wazuh Agent Configuration

  • Use the Wazuh dashboard and go to "Deploy Agent"
  • Fill in the information (SERVER IP ADDRESS IS FOR THE WAZUH SERVER, NOT AGENT)
    • If you misconfigure, go to /var/ossec/etc/ossec.conf to fix it manually
  • Run the commands and refresh the agent dashboard

DHCP Configuration (dhcp02)

Network Configuration

  • Edit using sudo nano /etc/netplan/00-installer-config.yaml

DHCP Installation

  • sudo apt-get update
  • sudo apt-get install isc-dhcp-server

DHCP Configuration

  • sudo nano /etc/dhcp/dhcpd.conf
  • Add the following configuration:

image

  • Save the file and use systemctl restart isc-dhcp-server

Wazuh Agent Configuration

  • Use the Wazuh dashboard and go to "Deploy Agent"
  • Fill in the information (SERVER IP ADDRESS IS FOR THE WAZUH SERVER, NOT AGENT)
    • If you misconfigure, go to /var/ossec/etc/ossec.conf to fix it manually
  • Run the commands and refresh the agent dashboard

Workstation Configuration 1 (traveler02)

Network Configuration

  • Network & Settings 0 -> Change adapter settings -> Ethernet0 -> IPv4

Hostname Configuration

  • About PC -> Rename this PC -> traveler01-eamon -> Restart now

User Configuration

  • lusrmgr.msc --> create user
  • Properties --> Member of --> Add --> Administrators

Workstation Configuration 2 (wks01)

DHCP configuration

  • Go to network adapter --> IPv4 --> Automatically get IP address
  • Check via ipconfig /all
  • If it hasn't released old IP address, do ipconfig /release then ipconfig /renew

Passwordless Windows SSH Key Generation

  • Open PowerShell and run the command ssh-keygen and fill out the following information to create the keypair:

image

  • Navigate to the location to ensure the key files are there:

image

  • Then SCP the public key to the .ssh directory on the Linux device and name the file "authorized_keys"

image

  • Then attempt an SSH from wks01 to the Linux machine, using the -i option to specify the key for authentication:

image
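
The requirement says to add a new public key to authorized_keys, and copying the .pub file over authorized_keys replaces any keys already in it. As an added example (not part of the original wiki), this shell function appends the key instead; it is run on the Linux host after the .pub file has been copied to a temporary path. The function name add_authorized_key and its arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the wiki). Run on the Linux host.
# Usage: add_authorized_key <pubkey-file> [ssh-dir]   (ssh-dir defaults to ~/.ssh)
add_authorized_key() {
    pubfile=$1
    sshdir=${2:-"$HOME/.ssh"}
    authfile="$sshdir/authorized_keys"

    [ -r "$pubfile" ] || { echo "cannot read $pubfile" >&2; return 1; }

    # A .pub file holds one key; strip CRs in case it was edited on Windows.
    key=$(grep -v '^[[:space:]]*$' "$pubfile" | head -n 1 | tr -d '\r')

    # Accept only "<type> <base64> [comment]" for common key types.
    # This also rejects a private key copied by mistake.
    case $key in
        ssh-ed25519\ *|ssh-rsa\ *|ecdsa-sha2-nistp*\ *) ;;
        *) echo "not an OpenSSH public key: $pubfile" >&2; return 2 ;;
    esac

    # sshd's StrictModes rejects the file if it or ~/.ssh is writable by others.
    mkdir -p "$sshdir" && chmod 700 "$sshdir" || return 1
    touch "$authfile" && chmod 600 "$authfile" || return 1

    # Compare on "<type> <base64>" so a different comment is not a new key.
    keyid=$(printf '%s\n' "$key" | cut -d' ' -f1,2)
    if cut -d' ' -f1,2 "$authfile" | grep -qxF -- "$keyid"; then
        echo "key already present in $authfile"
        return 0
    fi

    # Keep existing entries intact even if the file lacks a final newline.
    if [ -s "$authfile" ] && [ -n "$(tail -c 1 "$authfile")" ]; then
        echo >> "$authfile"
    fi
    printf '%s\n' "$key" >> "$authfile"
    echo "key added to $authfile"
}
```

Entries in authorized_keys that start with an options prefix are not matched by the duplicate check, so the key would be appended a second time in that case.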

Troubleshooting

  • If you are having issues connecting to Wazuh and networking seems right, use Firefox as the browser.
