Week 12 Project Status Update - ricky-ninh/tech-journal-SEC-440-01SL GitHub Wiki
This week, I worked on setting up DNS RPZ, Suricata, and Squid Proxy Server. I ran into issues with Suricata where Suricata couldn't find the interface of client1 where I'm hosting Webmin. Suricata isn’t able to retrieve logs of the stock ruleset even though I set it to point to the interface of client1. The error message is below.
Following the DNS RPZ guide, I’m unable to create the blocked zones file and create the script file for the updated blacklist. I'm not sure if I previously set up BIND DNS as root on dc1 and if that is causing the errors when creating those files.
Once I get DNS RPZ and Suricata working and figure out how to set up an SSL proxy and show logs for it using Squid, then I’ll work on setting up ModSecurity and work on configuring CIS benchmarks for Rocky Linux.