System Specifications and Setup

Traveler02-hanne

A WAN-based road warrior user running Windows 10 (this replaces the Linux rw01).

Adapter

  • WAN

    • Find this in VM hardware

    • Make sure machine is OFF before you do this

Hostname

  1. Open Settings

  2. Select System

  3. Select About

  4. Select Rename this PC

  5. Enter a new name

  6. Select Next

  7. Choose to restart your computer now or later

Make a named user on Windows:

  1. Open Settings

  2. Select Accounts

  3. Select Family & other users

  4. Under Other users, click Add someone else to this PC

Add user to local admin group on Windows:

Go to Settings > Network & Internet > Ethernet (or Wi-Fi) > Change adapter options > right-click your network adapter > Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties, then select "Use the following IP address"

Other Specifications

Get to nginx01's custom test page

Perform ssh key-based authentication with jump

Figure out how to create a keypair using either PowerShell or PuTTY, transfer the public portion to one of your Linux systems, and demonstrate a passwordless login from Windows to a Linux system.

Generate keypair

  • ssh-keygen -t rsa

  • Enter file in which to save the key. (C:\Users\annem_000\.ssh\id_rsa):

  • Enter Passphrase (empty for no passphrase):

    • id_rsa contains the private key.

    • id_rsa.pub contains the public key.

Create an SSH directory on server

  • ls .ssh

  • mkdir -p .ssh

Disable password authentication

  • sudo nano /etc/ssh/sshd_config

    • PasswordAuthentication no

    • ChallengeResponseAuthentication no

    • UsePAM no

Upload public key to remote server

  • ssh-copy-id user@somedomain
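
To confirm the sshd_config edits above actually turn password login off, the following added example (not part of the original notes) resolves the effective value of a keyword the way sshd does: first occurrence wins, keywords are case-insensitive. The function names and sample files are hypothetical, and Include directives are not followed.

```shell
#!/usr/bin/env bash
# Added example: is password login really off in an sshd_config file?
# Does not follow Include directives; use `sudo sshd -T` on the live host.

# effective_value FILE DEFAULT KEYWORD [ALIAS...]
# sshd keeps the first value it sees for a keyword; keywords are
# case-insensitive. Lines after a Match block are conditional, so stop there.
effective_value() {
  local file=$1 def=$2; shift 2
  awk -v names="$*" -v def="$def" '
    BEGIN { n = split(tolower(names), a, " ")
            for (i = 1; i <= n; i++) want[a[i]] = 1 }
    /^[ \t]*#/ || /^[ \t]*$/ { next }          # comments, blank lines
    { line = $0
      sub(/^[ \t]+/, "", line)
      sub(/[ \t]*=[ \t]*/, " ", line)          # accept Keyword=value
      split(line, f, /[ \t]+/)
      key = tolower(f[1])
      if (key == "match") exit
      if (key in want) { print tolower(f[2]); found = 1; exit } }
    END { if (!found) print def }
  ' "$file"
}

# Succeeds only when both password-style methods resolve to "no".
password_login_disabled() {
  local pw kbd
  pw=$(effective_value "$1" yes PasswordAuthentication)
  kbd=$(effective_value "$1" yes KbdInteractiveAuthentication \
        ChallengeResponseAuthentication)
  [ "$pw" = no ] && [ "$kbd" = no ]
}

# Constructed sample files (not taken from a real host).
good=$(mktemp); bad=$(mktemp)
printf '%s\n' '# hardened' 'passwordauthentication no' \
  'ChallengeResponseAuthentication no' 'UsePAM no' \
  'PasswordAuthentication yes' > "$good"   # later duplicate is ignored
printf '%s\n' 'PasswordAuthenticaion no' \
  'ChallengeResponseAuthentication no' > "$bad"   # misspelled keyword

for f in "$good" "$bad"; do
  if password_login_disabled "$f"; then echo "$f: password login off"
  else echo "$f: password login still possible"; fi
done
```

On the server, `sudo sshd -t` validates the file's syntax and `sudo sshd -T` prints the live effective settings; run them with an existing session still open before restarting sshd.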

DHCP02-hanne

A LAN-based DHCP server running Ubuntu

Adapter

  • Set to LAN

    • Find this in VM hardware

    • Make sure machine is OFF before you do this

Hostname

sudo hostnamectl set-hostname rw01-hanne

User

sudo adduser hanne
# only sudo can add a user
sudo usermod -aG sudo hanne
# adds the user to the admin group

IP Address

sudo nano /etc/netplan/99_config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:  # make sure you change this
      addresses:
        - 10.0.17.43/24  # this should be your IP address
      routes:
        - to: default
          via: 10.0.17.2  # this is your default gateway
  • sudo netplan apply

Other Specifications

Installed Wazuh agents/be able to connect to Wazuh
  • Go to Wazuh

  • Go to Agents

  • Deploy a new agent

  • Use the following command to install the agent:

    • make sure to grab the actual command when you set up an agent on the Wazuh interface

curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='Web01Agent' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rpm
  • Start the agent

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent 
sudo systemctl start wazuh-agent
Serve a pool of DHCP addresses to the LAN from .100 to .150
  • Assign a static IP to the Ubuntu server's LAN interface

network:
  version: 2
  ethernets:
    ens3:
      dhcp4: yes
    ens4:
      dhcp4: no
      addresses: [192.168.100.1/24]
  • sudo netplan apply

  • Install ISC DHCP server

    • sudo apt install isc-dhcp-server

    • sudo systemctl status isc-dhcp-server

  • Configure

    • /etc/dhcp/dhcpd.conf

    • sudo mv /etc/dhcp/dhcpd.conf /etc/dhcp/dhcpd.conf.orig

    • sudo nano /etc/dhcp/dhcpd.conf

default-lease-time 43200;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
option domain-name "local.lan";
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.1;
  option domain-name-servers 192.168.100.1;
}
  • Set Listening interface

    • Specify which interface the DHCP server should use by editing /etc/default/isc-dhcp-server:

INTERFACESv4="ens4"
  • Start and Verify DHCP service

sudo systemctl start isc-dhcp-server
sudo systemctl status isc-dhcp-server
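
A quick check that the range statement in dhcpd.conf stays inside the pool the task asks for, as an added example that is not part of the original notes. The function names are hypothetical and the sample file is a constructed copy of the subnet block above.

```shell
#!/usr/bin/env bash
# Added example: how many leasable addresses fall outside the intended pool?

# ip_to_int A.B.C.D -> integer, so addresses can be compared numerically.
ip_to_int() {
  local IFS=.
  set -- $1
  echo $(( ($1 << 24) + ($2 << 16) + ($3 << 8) + $4 ))
}

# pool_bounds FILE -> "low high" from the first range statement.
# A single-address range ("range 10.0.0.5;") is reported as low == high.
pool_bounds() {
  awk '$1 == "range" { lo = $2; hi = ($3 == "" ? $2 : $3)
         sub(/;$/, "", lo); sub(/;$/, "", hi); print lo, hi; exit }' "$1"
}

# addresses_outside FILE WANT_LOW WANT_HIGH -> count of pool addresses
# that lie below WANT_LOW or above WANT_HIGH (0 means the pool fits).
addresses_outside() {
  local bounds low high wl wh top bot out=0
  bounds=$(pool_bounds "$1")
  [ -n "$bounds" ] || { echo "no range statement" >&2; return 2; }
  low=$(ip_to_int "${bounds% *}"); high=$(ip_to_int "${bounds#* }")
  wl=$(ip_to_int "$2"); wh=$(ip_to_int "$3")
  if [ "$low" -lt "$wl" ]; then       # part of the pool is below the window
    top=$(( high < wl ? high : wl - 1 )); out=$(( out + top - low + 1 ))
  fi
  if [ "$high" -gt "$wh" ]; then      # part of the pool is above the window
    bot=$(( low > wh ? low : wh + 1 )); out=$(( out + high - bot + 1 ))
  fi
  echo "$out"
}

# Constructed copy of the subnet block shown above.
conf=$(mktemp)
cat > "$conf" <<'EOF'
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.1;
}
EOF
echo "outside .100-.150: $(addresses_outside "$conf" 192.168.100.100 192.168.100.150)"
```

Syntax of the real file can be checked separately with `sudo dhcpd -t -cf /etc/dhcp/dhcpd.conf` before starting the service.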

Edge02-hanne

A VyOS firewall with three interfaces (WAN, DMZ, LAN). You will need to add an interface using vCenter. (this replaces fw01)

Adapter

  • WAN

  • DMZ

  • LAN

    • Find this in VM hardware

    • Make sure machine is OFF before you do this

Hostname

configure 
set system host-name edge02-hanne (this should be whatever hostname you choose)
commit 
save 
exit

IP Address

Gateway and DNS

The SEC350-WAN interface on fw01 needs to be informed on how to get out to the internet. We will set both the default gateway and DNS server to the SEC350-Gateway Firewall at 10.0.17.2.

configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit 
save 
exit
Interface assignment
  • Type show interfaces

configure
delete interfaces ethernet eth0 address dhcp
delete interfaces ethernet eth1 address dhcp
commit
save
exit

Set the interfaces and make sure to give them a description

configure 
set interfaces ethernet eth0 description SEC-350-WAN 
set interfaces ethernet eth1 description SEC-350-DMZ
set interfaces ethernet eth2 description SEC-350-LAN
commit
save 
exit

Set the corresponding IP addresses for each interface

configure 
set interfaces ethernet eth0 address 10.0.17.143/24 (this will be unique)
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24 
commit
save 
exit

Nginx02-hanne

A DMZ-based nginx web server running Ubuntu (this replaces web01 and apache)

Adapter

  • DMZ

    • Find this in VM hardware

    • Make sure machine is OFF before you do this

Hostname

sudo hostnamectl set-hostname rw01-hanne

User

sudo adduser hanne
# only sudo can add a user
sudo usermod -aG sudo hanne
# adds the user to the admin group

IP Address

sudo nano /etc/netplan/99_config.yaml
network:
  version: 2
  renderer: networkd
  ethernets:
    ens160:  # make sure you change this
      addresses:
        - 10.0.17.43/24  # this should be your IP address
      routes:
        - to: default
          via: 10.0.17.2  # this is your default gateway
Custom web page
  • sudo apt update -y

  • sudo apt install -y nginx

  • sudo systemctl enable nginx

  • sudo systemctl start nginx

  • systemctl status nginx

Make a custom webpage

  • cd /var/www/html

  • sudo nano index.html

  • Input webpage

Installed Wazuh agents/be able to connect to Wazuh
  • Go to Wazuh

  • Go to Agents

  • Deploy a new agent

  • Use the following command to install the agent:

    • make sure to grab the actual command when you set up an agent on the Wazuh interface

curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='Web01Agent' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rpm
  • Start the agent

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent 
sudo systemctl start wazuh-agent 

Mgmt02-hanne

  • should be able to surf the internet

  • should be able to navigate to nginx02

  • mgmt01 should be able to ssh to nginx01

Wsk01-hanne

  • should be able to surf the internet

  • should be able to navigate to nginx02

  • Use DHCP addressing
