Milestone #1: Bare Metal and setup - zacharylongo/Tech-Journals GitHub Wiki

This page relays the content and steps of Milestone #1 of NET/SEC/SYS480 milestone #1.

VM'S created

  • xubuntu-wan
  • 480-fw (firewall)

ESXI Install

  • As a note, installation steps will be largely the same for everyone, however depending on what this is hosted on, there will be variation. For instance, my original server was having issues during installation. This required the use of Rufus to format USB's and the use of GParted to clean/reformat partitions. This will likely not be the case for you, however these are items to consider.

  • DNS Server: 192.168.4.4 (and/or .5)

  • Hostname (Unique to you): "super27"

My first step was to access IPMI (connected to 192.168.7.161) and logged in to a screen similar to the screenshot below. I logged in using user "ADMIN" (Others will have cncs-sysadmin) followed by their instructor provided password.

image

From the "Remote Control" tab I selected iKVM

image

I then used the power control setting "Set power reset" to reboot. During the boot of supermicro two screens will appear, on the second screen, I pressed F11 to enter setup.

I selected my first disk as my second was having issues. Utilize the larger of the two.

image

Install in progress:

image

After successful install I would press enter to reboot. After reboot, I hit F2 to login using my root password. Hitting F2 should bring you to this config menu:

image

Under "Configure Management Network" ---> "Network Adapters" I changed the selection to vmnic1 which was my connected cable.

image

After this, I accessed IPv4 configuration and set my IP's. I made sure that my default gateway was the room gateway: 192.168.7.250.

image

Under the DNS configuration tab, I did the following. Which you should use your own hostname for.

image

Under Custom DNS Suffixes:

image

  • This concludes the basic ESXI setup. Pressing esc allows you to exit which then prompts you to apply your new changes and restart the management network. (Which you absolutely should do)

  • Navigating to my ESXI (192.168.7.37), I logged in with my credentials defined earlier.

image

Reflection: While others seem to not have had issues with this portion, I certainly did. The last person to utilize my server did not properly delete the contents of their partitions causing massive delays in the installation process. Additionally, a USB labelled "ESXI8" actually had ESXI 7 on it, which meant I needed to begin the process anew. Overall, this was extremely simple and non-labor intensive and serves as a good intro into baseline hardware configuration for ESXI. The class took quite awhile to figure out correct IP's and remediate hardware issues, however with a new professor teaching the class for the first time, this was expected.

ISOS and Networking

*Another note: I ended up installing all of the ISOS without the utilization of the jump server. It can be accessed at 192.168.3.120:8000

  • The first thing I did was rename my data store to "datastore1-super27". This can be done by clicking the storage menu on the sidebar and right clicking the datastore you wish to rename.

image

On my newly created datastore, I would create an "isos" directory. From the same storage menu, open the datastore browser and select the create directory option.

image

After this, I would enable SSH under the actions tab.

image

Next, I used the "upload" button within the datastore browser to add over the Xubuntu and VyOS Iso's.

image

Under the "Networking" tab on the sidebar ---> "Virtual Switches" I added a standard virtual switch named "480-WAN" (Making sure to remove the uplink)

image

Also under the "Networking" tab, I added a port group for the new virtual switch.

image

After this, you should now be able to see the newly created item under "virtual switches"

image

  • Reflection These steps were extremely similar to the ones I've taken in SYS-350 Enterprise Virtualization. Overall this went smoothly and I encountered no massive errors. In general, a lot of the actions I used can be accessed via right click on the box/networking tabs; this is vastly more efficient.

480-fw

From the "Virtual Machines" menu, I click "Create / Register VM" using the default creation type. I named the new view "480-fw" and set the following:

image

IMPORTANT NOTE: It's recommended that you use the lowest common denominator in ESXI environments to ensure compatibility. This means choosing ESXI6/7 if those are present in your environment.

I would then select datastore 1 as I only have one at the moment. I would highly suggest utilizing your second datastore.

image

I would also make sure to add a second network adapter in the customization menu. My final settings were as follows:

image

image

Note

  • Make sure to thin provision your storage. We do not want to waste space

I would then see the newly created VM and would power it on.

image

image

  • Default creds should be vyos & vyos

After boot, I used the Install image command

I utilized all defaults except confirming the destruction of data.

image

Follow along with VyOS, making sure to set your user/pass to something you will remember. Making sure to use reboot when finished.

After reboot, I utilized the following string of commands to remove hardware (MAC) addresses.

configure
delete interfaces ethernet eth0 hw-id
delete interfaces ethernet eth1 hw-id
commit
save

Result of show interfaces

image

I then used the following commands to enable ssh and set eth0 to dhcp. (Make sure you are in configure mode. Type conf to enter it.)


configure
set interfaces ethernet eth0 address dhcp
set service ssh listen-address 0.0.0.0
commit
save

image

Finally, I used exit and poweroff to prep the VM for template creation.

From the VM settings menu, I removed the ISO from the diskdrive by selecting "host device" under the CD/DCD drive 1 menu.

image

Then I right clicked the VM and created a screenshot named "base"

image

After successful template creation, I then changed the second network adapter to "480-WAN" (As created beforehand)

image

I'd then boot up, login, and do the following:


configure
set system login user vyos authentication plaintext-password {SECURE_PASS}
commit
save

I then ran the following to define the IP's on both eth's with descriptions, gateway, dns, and NAT forwarding.


# Interface setup for eth0
delete interfaces ethernet eth0 address dhcp
set interfaces ethernet eth0 address 192.168.7.161/24
set interfaces ethernet eth0 description CYBERLAB
# Interface setup for eth1
set interfaces ethernet eth1 address 10.0.17.2/24
set interfaces ethernet eth0 description 480-WAN
# Gateway and DNS setup
set protocols static route 0.0.0.0/0 next-hop 192.168.7.250
set system name-server 192.168.4.4
set system name-server 192.168.4.5
# DNS forwarding setup
set service dns forwarding listen-address 10.0.17.2
set service dns forwarding allow-from 10.0.17.0/24
set service dns forwarding system
# NAT forwarding setup
set nat source rule 10 outbound-interface eth0
set nat source rule 10 source address 10.0.17.0/24
set nat source rule 10 translation address masquerade
# Setting system hostname
set system host-name 480-fw
commit

Reflection: Again, this was all review from past classes (Mainly SYS & SEC 350 where we've used VyOS) However this process really gives context to the setup of functioning virtual environments. The only key difference is that this process is not automated (Hmmmmm. I wonder what will happen in the following milestones....) Overall, great review of my prior knowledge that has further enhanced my comfort in such matters.

Xubuntu and proof

Back in the "Virtual Machines" tab, we will now create our Xubuntu VM. (Use the same storage that you did for the Firewall VM.)

image

image

image

image

After success, I accessed the console for the new VM in order to complete install.

image

  • I used the defaults! Until the following:

image

I then would make a user named "zach", make this unique and give it a "good" password. (Not p@ssw0rd....)

I hit restart after the install completed:

image

The next time you boot, you should see a login like this. (I forgot to take a screenshot, so here's what it would look like on one of the Champlain Xubuntu boxes you've likely been given at some point)

image

First thing I did after logging in was run the following script provided by the instructor: (Go to the link if you'd like to see what it does 😄 )

sudo -i
wget https://raw.githubusercontent.com/gmcyber/RangeControl/main/src/scripts/base-vms/ubuntu-desktop.sh
chmod +x ubuntu-desktop.sh
./ubuntu-desktop.sh

Cleaned my trail and shutdown for template creation:

image

Before template creation, change the following like I did on my last box.

image

Under the "Actions" tab there will be an option to take a snapshot just like you did before:

image

Before booting, change the network adapter just like we did before:

image

First thing after logging in, I created a new user:


adduser zach
usermod -aG sudo zach

You should then restart the box and delete the first user you created. (Unless it was already secure rather than default)

I then accessed network connections > wire connection 1 (on Xubuntu of course) and set the following:

image

Right after this, I set the hostname with the following

sudo hostnamectl set-hostname xubuntu-wan
  • I was now ready to video my demo.

Reflection: Overall I had quite an easy time on this config. This process was easy, but extremely tedious; automation of this process is very necessary. This is a perfect experiment to teach the automation of VM creation in Vsphere and shows proper creation of templates (specifically changing network adapters and removing ISO's from the cd room.) As this course progresses, the core knowledge learned here will be quite important.