Skip to main content

"Midterm" Assesment

VyOS Config used by end of assessment !!!

If you need it, can be found at https://github.com/SomethingGeneric/sec350

Notes on restoring config for fw01/edge01

  1. Check edge net interfaces in vcenter console (have to add 3rd, for DMZ)
  2. Set interfaces by matching MAC in vcenter to ethX name in VyOS
# interface config
set interface ethernet ethX description "WAN/DMZ/LAN" # as appropriate
set interface ethernet ethX address x.x.x.x/x
# set system next-hop to 10.0.17.2
set protocols static route 0.0.0.0/0 next-hop 10.0.17.2
# and DNS
set system name-server 10.0.17.2
  1. Drop-in the file /etc/apt/sources.list.d/badidea.list
deb https://deb.debian.org/debian bullseye main contrib non-free
  1. Pull config
sudo apt update && sudo apt install -y git
git clone https://github.com/SomethingGeneric/sec350
cp sec350/fw01-matt.config.boot /config/config.boot
# and EDIT config.boot since MAC addrs and interfaces are prob different (also hostname i suppose lol)

Deliverable 1

Notes on Nginx for Ubuntu

(#1, had to move it to a LAN IP for testing (rip MGMT network))

sudo nano /etc/netplan/00-installer-config.yaml # change to LAN gateway/dns IP and pick a host IP
sudo netplan apply
sudo apt update && sudo apt install -y nginx
sudo nano /var/

Deliverable 2

DHCP on Ubuntu (still testing w/ Jump/Wazuh)

https://documentation.ubuntu.com/server/how-to/networking/install-isc-dhcp-server/index.html

sudo apt install isc-dhcp-server

And then set up /etc/dhcp/dhcpd.conf

# minimal sample /etc/dhcp/dhcpd.conf
default-lease-time 600;
max-lease-time 7200;
authoritative;
    
subnet 172.16.150.0 netmask 255.255.255.0 {
 range 172.16.150.150 172.16.150.200;
 option routers 172.16.150.2;
 option domain-name-servers 172.16.150.2;
 option domain-name "heeho.lan";
}

Finally, sudo systemctl enable –now isc-dhcp-server

SSH Key Auth from Windows Hosts

In Powershell, you can run ssh-keygen as you would on a Linux host
Then you can scp .\.ssh\id_rsa.pub you@hostip:.
Then do one password SSH session and:

cat id_rsa.pub >> .ssh/authorized_keys 
rm id_rsa.pub

That’s it!

Deliverable 3