System Specifications and Setup

Traveler02-hanne

A WAN based road warrior user running Windows 10. (this replaces the linux rw01)

Adapter

• WAN

  • Find this in VM hardware

  • Make sure machine is OFF before you do this

Hostname

1. Open Settings

2. Select System

3. Select About

4. Select Rename this PC

5. Enter a new name

6. Select Next

7. Choose to restart your computer now or later

User

Make a named user on windows:

1. Open Settings

2. Select Accounts

3. Select Family & other users

4. Under Other users, click Add someone else to this PC

Add user to local admin group on windows:

IP Address

Go to Settings > Network & Internet > Ethernet (or Wi-Fi) > Change adapter options > right-click your network adapter > Properties > Internet Protocol Version 4 (TCP/IPv4) > Properties, then select "Use the following IP address"

Other Specifications

Get to nginx01's custom test page

Perform ssh key-based authentication with jump

Figure out how to create a keypair using either powershell or PuTTY, transfer the public portion to one of your linux systems and demonstrate a passwordless login from windows to a linux system.

Generate keypair

• ssh-keygen -t rsa

• Enter file in which to save the key. (C:\Users\annem_000.ssh\id_rsa):

• Enter Passphrase (empty for no passphrase):

  • id_rsa contains the private key.

  • id_rsa.pub contains the public key.

Create a SSH directory on server

• ls .ssh

• mkdir -p .ssh

Disable password authenticaion

• sudo nano /etc/ssh/sshd_config

  • PasswordAuthenticaion no

  • ChallengeResponseAuthentication no

  • UsePAM no

Upload public key to remote server

• ssh-copy-id user@somedomain

DHCP02-hanne

A LAN based dhcp server running Ubuntu

Adapter

• Set to LAN

  • Find this in VM hardware

  • Make sure machine is OFF before you do this

Hostname

sudo hostnamectl set-hostname rw01-hanne

User

sudo adduser hanne
# only sudo can add a user

sudo usermod -aG sudo hanne
# adds the user to the admin group

IP Address

sudo nano /etc/netplan/99_config.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens160: (make sure you change this)
      addresses:
        - 10.0.17.43/24 (this should be your IP address)
      routes:
        - to: default
          via: 10.0.17.2 (this is your default gateway)

• sudo netplan apply

Other Specifications

Installed Wazuh agents/be able to connect to Wazuh

• Go to Wazuh

• Go to Agents

• Deploy a new agent

• Use the following command to install the agent:

  • make sure to grab the actual command when you set up an agent on the Wazuh interface

curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='Web01Agent' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rp

• Start the agent

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent 
sudo systemctl start wazuh-agen

Server a pool of DHCP addresses to the LAN from .100 to .150

• Assign static IP to the Ubuntu servers LAN

network:
  version: 2
  ethernets:
    ens3:
      dhcp4: yes
    ens4:
      dhcp4: no
      addresses: [192.168.100.1/24]

• sudo netplan apply

• Install ISC DHCP server

  • sudo apt install isc-dhcp-server

  • sudo systemctl status isc-dhcp-server

• Configure

  • /etc/dhcp/dhcp.conf

  • mv /etc/dhcp/dhcp.conf /etc/dhcp/dhcp.conf.orig

  • sudo nano /etc/dhcp/dhcpd.conf

default-lease-time 43200;
max-lease-time 86400;
option subnet-mask 255.255.255.0;
option broadcast-address 192.168.100.255;
option domain-name "local.lan";
authoritative;
subnet 192.168.100.0 netmask 255.255.255.0 {
  range 192.168.100.100 192.168.100.200;
  option routers 192.168.100.1;
  option domain-name-servers 192.168.100.1;
}

• Set Listening interface

  • Specify which interface the DHCP server should use by editing /etc/default/isc-dhcp-server:

INTERFACESv4="ens4"

• Start and Verify DHCP service

sudo systemctl start isc-dhcp-server
sudo systemctl status isc-dhcp-server

Edge02-hanne

A vyOS Firewall with three interfaces (WAN, DMZ, LAN). You will need to add an interface using vCenter. (this replaces fw01)

Adapter

• WAN

• DMZ

• LAN

  • Find this in VM hardware

  • Make sure machine is OFF before you do this

Hostname

configure 
set system host-name edge02-hanne (this should be whatever hostname you choose)
commit 
save 
exit

IP Address

Gateway and DNS

The SEC350-WAN interface on fw01 needs to be informed on how to get out to the internet. We will set both the default gateway and DNS server to the SEC350-Gateway Firewall at 10.0.17.2.

configure
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
set system name-server 10.0.17.2
commit 
save 
exit

Interface assignment

• Type show interfaces

delete interfaces ethernet eth0 address dhcp 
delete interfaces ethernet eth1 address dhcp
commit 
save

Set the interfaces and make sure to give them a description

configure 
set interfaces ethernet eth0 description SEC-350-WAN 
set interfaces ethernet eth1 description SEC-350-DMZ
set interfaces ethernet eth2 description SEC-350-LAN
commit
save 
exit

Set the corresponding IP addresses for each interface

configure 
set interfaces ethernet eth0 address 10.0.17.143/24 (this will be unique)
set interfaces ethernet eth1 address 172.16.50.2/29
set interfaces ethernet eth2 address 172.16.150.2/24 
commit
save 
exit

Nginx02-hanne

A DMZ based nginx web server running Ubuntu (this replaces web01 and apache)

Adapter

• DMZ

  • Find this in VM hardware

  • Make sure machine is OFF before you do this

Hostname

sudo hostnamectl set-hostname rw01-hanne

User

sudo adduser hanne
# only sudo can add a user

sudo usermod -aG sudo hanne
# adds the user to the admin group

IP Address

sudo nano /etc/netplan/99_config.yaml

network:
  version: 2
  renderer: networkd
  ethernets:
    ens160: (make sure you change this)
      addresses:
        - 10.0.17.43/24 (this should be your IP address)
      routes:
        - to: default
          via: 10.0.17.2 (this is your default gateway)

Custom web page

• sudo apt update -y

• sudo apt install -y nginx

• systemctl enable nginx

• systemctl start nginx

• systemctl status nginx

Make a custom webpage

• cd /var/www/html

• sudo nano index.html

• Input webpage

Installed Wazuh agents/be able to connect to Wazuh

• Go to Wazuh

• Go to Agents

• Deploy a new agent

• Use the following command to install the agent:

  • make sure to grab the actual command when you set up an agent on the Wazuh interface

curl -o wazuh-agent-4.7.5-1.x86_64.rpm https://packages.wazuh.com/4.x/yum/wazuh-agent-4.7.5-1.x86_64.rpm && sudo WAZUH_MANAGER='172.16.200.10' WAZUH_AGENT_GROUP='linux' WAZUH_AGENT_NAME='Web01Agent' rpm -ihv wazuh-agent-4.7.5-1.x86_64.rp

• Start the agent

sudo systemctl daemon-reload
sudo systemctl enable wazuh-agent 
sudo systemctl start wazuh-agent 

Mgmt02-hanne

• should be able to surf the internet

• should be able to navigate to nginx02

• mgmt01 should be able to ssh to nginx01

Wsk01-hanne

• should be able to surf the internet

• should be able to navigate to nginx02

• Use DHCP addressing