Lab 3.1: Segmentation - squatchulator/Tech-Journal GitHub Wiki

Lab 3.1 - Segmentation

Configure Wks01

  • Set hostname to wks01-yourname & add a new named user to the administrator group.
  • Set network settings:
    • IP address: 172.16.150.50
    • Netmask: 255.255.255.0
    • Gateway: 172.16.150.2
    • DNS: 172.16.150.2

Update Fw01 LAN configuration

  • Add another network adapter for MGMT
set nat source rule 30 description "NAT FROM MGMT to WAN"
set nat source rule 30 outbound-interface eth0
set nat source rule 30 source address 172.16.200.0/28
set nat source rule 30 translation address masquerade
commit
save

Configuring Fw-mgmt

  • Set adapters to LAN & MGMT
  • To set the hostname:
set system host-name fw-mgmt-yourname
commit
save
exit (until you get to login prompt)
  • To configure interfaces:
delete interfaces ethernet eth0 address dhcp
delete interfaces ethernet eth1 address dhcp
set interfaces ethernet eth0 description SEC350-LAN
set interfaces ethernet eth1 description SEC350-MGMT
set interfaces ethernet eth0 address 172.16.150.3/24
set interfaces ethernet eth1 address 172.16.200.2/28
set protocols static route 0.0.0.0/0 next-hop 172.16.150.2
set protocols rip interface eth0
set protocols rip network 172.16.200.0/28
set service dns forwarding allow-from 172.16.200.0/28
set service dns forwarding listen-address 172.16.200.2
set service dns forwarding system
set system name-server 172.16.150.2
commit
save

Configure Mgmt02

  • Put the adapter on the MGMT network
  • Add a named admin user and change the hostname to yourname-mgmt02
  • Network settings:
    • IP Address: 172.16.200.11
    • Netmask: 255.255.255.240
    • Gateway: 172.16.200.2
    • DNS: 172.16.200.2

Setting up RIP on Fw01 and Fw-mgmt

  • Fw01:
set protocols rip interface eth2
set protocols rip network 172.16.50.0/29
  • Fw-mgmt:
    • See "To configure interfaces"

Setting up Wazuh

  • Set interface to be on Mgmt network
  • Set hostname with sudo hostnamectl set-hostname yourname-wazuh
  • Create new user with sudo adduser miles & sudo usermod -aG sudo miles
  • Log out & log back in
  • Edit the netplan config:
    • sudo nano /etc/netplan/00-installer-config.yaml
network:
  ethernets:
    ens160:
      dhcp4: false
      link-local: []
      addresses:
        - 172.16.200.10/28
      routes:
        - to: default
          via: 172.16.200.2
      nameservers:
        addresses:
          - 172.16.200.2
  version: 2
  • sudo netplan apply
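
The static addressing above can be sanity-checked before it is applied to each box. The script below is an added example, not part of the original lab notes: it checks every host's netmask, address and gateway against its segment, which matters on the /28 MGMT network because only 172.16.200.1 through 172.16.200.14 are usable. The short host labels and the check_plan helper are assumptions made for this example.

```python
import ipaddress

# Segments and static addresses copied from the lab steps on this page.
SEGMENTS = {
    "LAN": ipaddress.ip_network("172.16.150.0/24"),
    "MGMT": ipaddress.ip_network("172.16.200.0/28"),
}

# (label, segment, address, netmask, default gateway or None)
# fw-mgmt eth0 uses its static default route next-hop as the gateway;
# eth1 is itself the MGMT gateway, so it has none.
HOSTS = [
    ("wks01", "LAN", "172.16.150.50", "255.255.255.0", "172.16.150.2"),
    ("fw-mgmt eth0", "LAN", "172.16.150.3", "255.255.255.0", "172.16.150.2"),
    ("fw-mgmt eth1", "MGMT", "172.16.200.2", "255.255.255.240", None),
    ("mgmt02", "MGMT", "172.16.200.11", "255.255.255.240", "172.16.200.2"),
    ("wazuh", "MGMT", "172.16.200.10", "255.255.255.240", "172.16.200.2"),
]


def check_plan(hosts, segments):
    """Return a list of problems; an empty list means the plan is consistent."""
    problems, seen = [], {}
    for name, seg, addr, mask, gw in hosts:
        net = segments[seg]
        ip = ipaddress.ip_address(addr)
        # A wrong mask silently changes which peers the host treats as on-link.
        if ipaddress.ip_address(mask) != net.netmask:
            problems.append(f"{name}: netmask {mask} does not match {seg} {net}")
        # Usable range excludes the network and broadcast addresses.
        if ip not in net or ip in (net.network_address, net.broadcast_address):
            problems.append(f"{name}: {addr} is not a usable host address in {net}")
        # A default gateway must sit inside the host's own subnet.
        if gw is not None:
            gw_ip = ipaddress.ip_address(gw)
            if gw_ip not in net or gw_ip == ip:
                problems.append(f"{name}: gateway {gw} is not on-link in {net}")
        # Two hosts sharing an address is a copy-paste error worth catching.
        if addr in seen:
            problems.append(f"{name}: {addr} already used by {seen[addr]}")
        seen[addr] = name
    return problems


if __name__ == "__main__":
    for line in check_plan(HOSTS, SEGMENTS) or ["plan is consistent"]:
        print(line)
```
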

Updating Client Logging Configs

  • On Web01:
    • cd /etc/rsyslog.d
    • sudo rm sec350.conf
  • On Fw01:
 configure
 delete system syslog host 172.16.50.5
 commit
 save
 exit