📕 SYS 255 - tconklin-champlain/Tech-Journal GitHub Wiki

Quick Setup:

pfSense Default Credentials
Username: admin
Password: pfsense
  1. Assign interfaces
  2. Setup interface IP address
  3. Navigate to the firewall IP to finish setup

Setting up DNS feature in ADDS:

  1. Select Active Directory Domain Services
  2. Add Features
  3. Pick Active Directory Domain
  4. Continue through deployment
  5. Sign in as Domain Admin

Adding a DNS record:

  1. Open DNS Manager
  2. Expand Forward Lookup Zones
  3. Add a New Host on your domain
    OR
  4. Expand Reverse Lookup Zones
  5. Add a New Zone

Creating Named Domain User:

  1. Select ADDS
  2. Choose Active Directory Users & Computers
  3. Under Users Select 'New User'
    AND OR
  4. Add them to the Domain Admins group to become an admin.

Joining a PC to a domain:

  1. Control Panel -> System & Security
  2. System -> System Properties
  3. Change Domain

💡 Best to create two accounts, one with admin privileges and one without.

File Permissions:

| Command | Description |
| --- | --- |
| nmtui | Network Manager Text User Interface |
| useradd | Adds New User |
| passwd | Adds Password for User |
| usermod -aG | Modify and Append User's Group |
| groupadd | Add New Group |
| chgrp | Change Group |
| systemctl restart network | Restart network |

DORA:

  1. DHCP Discover
  2. DHCP Offer
  3. DHCP Request
  4. DHCP Acknowledge

💣 Time: It is very important that all your Windows systems are on the same timezone and have accurate time with respect to one another. Windows authentication is sensitive to differences in time.

Organizational Unit Creation:

  1. Server Manager -> Local Server
  2. Active Directory Users & Computers
  3. Select Domain -> New OU

Group Policy Enforcement:

  1. Active Directory Users & Computers
  2. Groups -> Group Policy Management
  3. Select Folder -> Create a GPO

Enable Remote Administration On Windows Server:

  1. On Windows Server type sconfig
  2. Enable Configure Remote Management

💡 Remote Administration in an enterprise environment would likely not be done on the domain controller, but rather a Domain Joined workstation or server with Remote Server Administration Tools installed.

Disable root SSH Access:

  1. Disable remote root SSH access by setting PermitRootLogin no in the /etc/ssh/sshd_config file.
  2. Type service sshd restart to finalize settings.

💣 CentOS and other Red Hat based Linux servers ship with SSH turned on. This, combined with a known "root" user who is able to attempt login remotely, presents a security flaw that must be addressed by the systems administrator before the system is accessible over the internet. The typical solution involves explicitly preventing root from logging in via the sshd_config file.
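
An added example, not part of the original wiki: a shell check for the PermitRootLogin step above that reports the value sshd would take from the global section of a config file. The function names and sample configs are constructed for illustration; the check relies on sshd keeping the first value it reads for a keyword.

```shell
#!/usr/bin/env bash
# Added example (not from the original wiki): audit PermitRootLogin in an
# sshd_config-style file before restarting sshd.

# Print the global PermitRootLogin value from file $1, or "unset".
# sshd keeps the FIRST value it reads for a keyword, keywords are
# case-insensitive, and lines after a "Match" header are conditional,
# so only the section before the first Match is considered here.
effective_permit_root_login() {
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }        # comments and blank lines
        {
            line = $0
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/)
            key = tolower(f[1])
            if (key == "match") exit             # end of the global section
            if (key == "permitrootlogin" && n >= 2) {
                print f[2]; found = 1; exit
            }
        }
        END { if (!found) print "unset" }
    ' "$1"
}

# Succeed only when remote root login is explicitly disabled.
root_login_disabled() {
    [ "$(effective_permit_root_login "$1")" = "no" ]
}

# Constructed sample configs (hypothetical file names) to exercise the check.
demo_dir=$(mktemp -d)
printf '%s\n' '#PermitRootLogin yes' 'Port 22' > "$demo_dir/default.conf"
printf '%s\n' 'permitrootlogin no' 'PermitRootLogin yes' > "$demo_dir/hardened.conf"
printf '%s\n' 'PermitRootLogin yes' 'PermitRootLogin no' > "$demo_dir/shadowed.conf"

for f in default hardened shadowed; do
    if root_login_disabled "$demo_dir/$f.conf"; then
        echo "$f: OK, root login disabled"
    else
        echo "$f: FAIL, PermitRootLogin is $(effective_permit_root_login "$demo_dir/$f.conf")"
    fi
done
rm -rf "$demo_dir"
```

On a live host, `sshd -t` validates the configuration before the restart, and `sshd -T` prints the effective settings, including values pulled in through Include files that this parser does not follow.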

Properly Securing SSH:

Setting Up sshd_config File

Linux Domain Join:

  1. Install realmd
    sudo yum install realmd samba samba-common oddjob oddjob-mkhomedir sssd 
  2. Join The Domain
    realm join --user=[email protected] yourdomain.local
    realm list

💡 Note, if your time is not consistent across Windows and Linux, then you will likely have problems. Timezone can sometimes be a problem.

Apache Installation / Firewall Configuration:

  1. Installing Apache
  2. Configuring Apache:

All the configuration files for Apache are located in /etc/httpd/conf and /etc/httpd/conf.d.

  1. Add Port to Firewall: firewall-cmd --permanent --add-port=port_id/protocol
  2. Firewall Config Commands
    firewall-cmd --list-all
    firewall-cmd --add-service=(http,https,httpd)
    firewall-cmd --reload
⚠ī¸ **GitHub.com Fallback** ⚠ī¸