network manual

Network Built by Jason Myers FRIEDEN1.LOCAL Linux Network Project

Upload: jason-myers

Post on 15-Apr-2017


Glossary

Network Map

Machine Configuration

DHCP

Chapters

Ch. 1 SELinux

Ch. 2 Apache

Ch. 3 Bacula

Ch. 4 DNS

Ch. 5 FOG

Ch. 6 Samba

Ch. 7 Squid

Ch. 8 Suricata

Ch. 9 Tripwire

Sources

Network Map

Physical location:

a. ATC building/Server Lab
b. Pod #6
c. Server 6 and 8

Main Server:

a. Name- http://lab13
b. IP- 10.10.16.184 (STATIC)
c. MAC- 54:9f:35:25:58:d2
d. Hardware-
   1. Dell PowerEdge R220
   2. CPU E3-1240L v3 @ 2.00GHz
   3. 500GB HDD
   4. 32GB RAM
   5. Serial Number- BYHDS52
e. Software-
   1. ESXi 5.5.0 (VMkernel Release Build 1331820)
   2. vSphere Client
   3. vSphere Web Client (https://10.10.4.178.9443/vsphere-client/#)
f. Virtual Machines- (all IPs are static)
   1. DNS
      IP- 192.168.1.2
   2. Squid/Suricata
      IP- 192.168.1.11
   3. Apache/Tripwire Server
      IP- 192.168.1.12
   4. Backup
      IP- 192.168.1.13
   5. FOG
      IP- 192.168.1.14

Second Server

a. Name- Frieden 1
b. IP- 10.10.16.240 (static)
c. MAC- 54:9F:35:25:50:5C
d. Hardware-
   1. Dell PowerEdge R220
   2. CPU E3-1240L v3 @ 2.00GHz
   3. 1TB HDD
   4. 32GB RAM
e. Software-
   1. CentOS 6.4 set up as domain router
   2. dhcpd for the DHCP service
   3. Firewall is set up

Controlling Station

Lab13-PC

1. Software- Windows 7
2. IP- 10.10.1.240 (static)
3. Subnet Mask- 255.255.255.0
4. Default Gateway- 10.10.0.1
5. MAC- 19:03:73:BB:E0:6C
6. Primary DNS Suffix- CNS_Lab.local

DHCP

This was configured using this website- https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-dhcp.html

Follow the steps on that page to configure DHCP; be sure to use your subnet 192.168.1.1 and your netmask of 255.255.255.0.

Machine Configuration

Chapter 1

How to disable SELinux

Before anything else is done on any of the servers, you must disable SELinux. Log in to the command prompt as root and type this command:

vim /etc/sysconfig/selinux

You will see this page

In the line SELINUX=enabled, type SELINUX=disabled as you see above, then save and exit the file. You can find the link I used to figure this out below:

https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-enable-disable.html

Chapter 2

Here we install and use Apache and MySQL/MariaDB. Be sure to have CentOS 7 installed on your VM.

The IP address for this project is 192.168.1.12

Installing MariaDB, which is another name for MySQL

Start off by entering these commands:

1. yum -y install mariadb-server mariadb
2. systemctl start mariadb.service
3. systemctl enable mariadb.service
4. mysql_secure_installation (with this one you will set a password; then, as you go through the questions, answer them like this: "Y, Y, Y, Y". You have now completed the install.)

Installing Apache on your OS

First off, disable SELinux. Log in to the command prompt as root and follow the disable SELinux section in this packet.

Next use this command:

yum -y install httpd

This will install Apache on your OS.

Now we are going to start Apache and enable it as an OS service so that it starts at bootup, by entering these commands:

systemctl start httpd.service
systemctl enable httpd.service

The firewall now needs to be configured to allow external access to ports 80 and 443.

Enter these commands in order:

1. firewall-cmd --permanent --zone=public --add-service=http
2. firewall-cmd --permanent --zone=public --add-service=https
3. firewall-cmd --reload

Now go to the browser and enter http://192.168.1.12; you will now see the Apache placeholder.

Now we are going to make a directory structure that will hold the site data.

Make the directory by entering this command:

mkdir -p /var/www/example.com/public_html

In place of example.com you can enter your own domain name.

Now we will grant permissions on these files by entering this command:

chmod -R 755 /var/www

Next we are going to create a Demo Page for the Virtual Host

Use this command to open the file editor and edit our web page:

vim /var/www/example.com/public_html/index.html

Here is an example of a small website with very little data input;

Once you have completed your webpage save and exit the file.

Now we are going to create a New Virtual Host File

This set of commands will tell Apache that the virtual host is ready to be visited by users:

mkdir /etc/httpd/sites-available
mkdir /etc/httpd/sites-enabled

The next step will tell Apache to look for the virtual hosts in the sites-enabled directory. Open the main configuration file by entering the next command:

vim /etc/httpd/conf/httpd.conf

and then add this line to the end of the file:

IncludeOptional sites-enabled/*.conf

Then save the file and close it.

We next will create the first Virtual Hosts File

First open a new file with the following command:

vim /etc/httpd/sites-available/example.com.conf

You first need to create a pair of tags designating the content as a virtual host that is listening on port 80:

<VirtualHost *:80>

</VirtualHost>

Next you declare the main server name:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
</VirtualHost>

Now we finish this file by pointing to the root directory of the accessible web documents, and tell Apache where to store error and request logs for this particular site:

<VirtualHost *:80>
    ServerName www.example.com
    ServerAlias example.com
    DocumentRoot /var/www/example.com/public_html
    ErrorLog /var/www/example.com/error.log
    CustomLog /var/www/example.com/requests.log combined
</VirtualHost>

Now you will Enable the New Virtual Host Files

First create a symbolic link for each virtual host in the sites-enabled directory by entering this command:

ln -s /etc/httpd/sites-available/example.com.conf /etc/httpd/sites-enabled/example.com.conf

Once that is finished, restart Apache for the changes to take effect by entering this command:

apachectl restart

Time for the last step, setting up the Local Hosts File

This is an optional step but one I think you should take.

You are basically just testing your website. Enter the command:

vim /etc/hosts

You need to add the public IP address of your VPS, then the domain that you want to use to reach the VPS:

127.0.0.1 localhost
127.0.1.1 guest-desktop
server_ip_address example.com

Now for the actual test. Go to your browser and enter your web address;

http://example.com

Now you should be all set up.

My Apache set up:

Config files:

The web file I have on my system is: /var/www/html/index.html

My website: http://192.168.1.12

Chapter 3

Installing and Implementing Bacula

First you need to decide on the install procedure you're going to use. I used (How To Install Bacula Server on CentOS 7 | DigitalOcean)

Once you get through the first part of installing MySQL you will come up on this option;

I chose #1 as you can see it highlighted in the screenshot.

Next you will go to the /etc/bacula/bacula-dir.conf file then find and make the following changes as shown below in the order they are numbered:

1.

2.

3.

4.

5.

6. For this one, change the area in red to the same password as your MySQL password.

Then finally, add the red text that you see in the window below.

7.

Once you have completed the objective above, save and close the file. To verify there are no syntax errors run the command below:

bacula-dir -tc /etc/bacula/bacula-dir.conf

If you get no return then the syntax is correct.

Now it is time to Configure the Storage Resource

Open the /etc/bacula/bacula-sd.conf file. The first change we make is the SDAddress: enter the FQDN or the private IP address of the backup server, as indicated in red below:

Now configure the storage device by adding /bacula/backup as seen below:

Now save and exit the file.

Run this command to check for syntax errors:

bacula-sd -tc /etc/bacula/bacula-sd.conf

As long as you get no returns you are good to go.

Time to Set the Bacula Component Passwords

These are passwords that the system will use and that you don't have to remember. All you do is run the following commands in order to set the Director password:

DIR_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sed -i "s/@@DIR_PASSWORD@@/${DIR_PASSWORD}/" /etc/bacula/bacula-dir.conf

sed -i "s/@@DIR_PASSWORD@@/${DIR_PASSWORD}/" /etc/bacula/bconsole.conf

Next enter these commands to set the Storage File Daemon passwords:

SD_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sed -i "s/@@SD_PASSWORD@@/${SD_PASSWORD}/" /etc/bacula/bacula-sd.conf

sed -i "s/@@SD_PASSWORD@@/${SD_PASSWORD}/" /etc/bacula/bacula-dir.conf

The next commands will generate and set the local File Daemon password:

FD_PASSWORD=`date +%s | sha256sum | base64 | head -c 33`

sed -i "s/@@FD_PASSWORD@@/${FD_PASSWORD}/" /etc/bacula/bacula-dir.conf

sed -i "s/@@FD_PASSWORD@@/${FD_PASSWORD}/" /etc/bacula/bacula-fd.conf
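All three component passwords above are derived from `date +%s`, so each one carries no more entropy than the clock reading, and commands pasted within the same second produce the same value for every component. The following is an added example, not part of the original manual or of the Bacula project: it shows that behaviour and fills the same @@...@@ placeholders from the kernel random source instead. The function names, the fixed epoch value and the temporary sample file are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: the manual's timestamp-derived secret beside one from /dev/urandom.

# The manual's pipeline, with the epoch second passed in instead of read from `date +%s`.
timestamp_password() {
    printf '%s\n' "$1" | sha256sum | base64 | head -c 33
}

# 33 alphanumeric characters from the kernel random source. '/', '+' and '=' are
# removed so the value cannot break the sed s/// expression or the quoted string.
random_password() {
    head -c 96 /dev/urandom | base64 | tr -d '/+=\n' | head -c 33
}

# fill_placeholder NAME SECRET FILE...
# Writes SECRET over @@NAME@@ in each file, like the manual's paired sed commands.
fill_placeholder() {
    fp_name=$1
    fp_secret=$2
    shift 2
    for fp_file in "$@"; do
        sed -i "s/@@${fp_name}@@/${fp_secret}/" "$fp_file" || return 1
    done
}

demo() {
    demo_epoch=1492214400    # constructed stand-in for the output of `date +%s`
    echo "Manual's pipeline, three commands run in the same second:"
    for demo_name in DIR SD FD; do
        echo "  ${demo_name}_PASSWORD=$(timestamp_password "$demo_epoch")"
    done

    # Constructed stand-in for a config file that still holds the placeholders.
    demo_conf=$(mktemp) || return 1
    printf 'Password = "@@%s_PASSWORD@@"\n' DIR SD FD > "$demo_conf"
    for demo_name in DIR SD FD; do
        fill_placeholder "${demo_name}_PASSWORD" "$(random_password)" "$demo_conf"
    done
    echo "Random source, one independent value per component:"
    sed 's/^/  /' "$demo_conf"
    rm -f "$demo_conf"
}

demo
```

On the real server, call fill_placeholder with the same file pairs the manual's sed commands use, for example DIR_PASSWORD with /etc/bacula/bacula-dir.conf and /etc/bacula/bconsole.conf.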

Let's fire this up

Start all three services with the following commands:

systemctl start bacula-dir
systemctl start bacula-sd
systemctl start bacula-fd

If they all started fine then we are ready for the next step. Enter the next set of commands:

systemctl enable bacula-dir
systemctl enable bacula-sd
systemctl enable bacula-fd

Now we test it. Enter bconsole into the command line and hit enter. Now issue the first command, * label.

You will be prompted to enter a name for the volume, I used NewVolume. Now enter the File Pool you want. I entered #2. The service should now run a backup.

We are now going to run a manual backup job. While still in the bconsole enter * run. Next enter 1 at the prompt to run the "BackupLocalFiles". The system will ask you if you want to "Run Backup Job", type yes.

You can now type in *messages. This will give you a message on what is going to happen in the backup procedure. Now enter *status director; this will show you the status of the Director. As long as everything is working properly you should see that the job is running.

When the job completes you will see an output like the one below:

Running a Restore Job

While in the bconsole enter the *restore all command.

You will see a selection menu with different options, which are used to identify the backups on file. You choose the option you want, say you want the most recent backup which is 5 in this case.

The next prompt will ask you what file set you want to use. You should choose 2.

You will see a virtual file tree with the entire directory structure that you backed up. This interface allows you to use simple commands to mark and unmark files for restoration. The marked files will be denoted with a leading asterisk (*).

You can fine-tune your selection by navigating and listing files with the "ls" and "cd" commands. Also you can mark files for restoration with "mark", and unmark files with "unmark".

When you are finished with your selections you will proceed by typing in the "done" command, and when prompted type yes and hit return. You can check the restore process with the status director command once again to confirm it is working and then just type exit to exit the bconsole.

You can verify the restore by checking the files in /bacula/restore. The following command then deletes the restored files from that directory:

sudo -u root bash -c "rm -rf /bacula/restore/*"

How to create a backup schedule

On our Bacula server you need to perform this command in root, it creates a directory to help organize the Bacula files:

mkdir /etc/bacula/conf.d

Now open the Director configuration file:

vi /etc/bacula/bacula-dir.conf

Scroll to the bottom of the file and enter this line:

@|"find /etc/bacula/conf.d -name '*.conf' -type f -exec echo @{} \;"

Save and exit the file. That line makes the Director look in the /etc/bacula/conf.d directory for more configuration files.

We are now going to add a remote file pool, so open the /etc/bacula/conf.d/pools.conf file. Add the following pool resource:

Pool {
  Name = RemoteFile
  Pool Type = Backup
  Label Format = Remote-
  Recycle = yes                       # Bacula can automatically recycle Volumes
  AutoPrune = yes                     # Prune expired volumes
  Volume Retention = 365 days         # one year
  Maximum Volume Bytes = 50G          # Limit Volume size
  Maximum Volumes = 100               # Limit number of Volumes in Pool
}

Save and exit the file, now run the following command to make sure there are no syntax errors:

bacula-dir -tc /etc/bacula/bacula-dir.conf

If there are no errors you will get no return on the command.

Let us set up and Configure the Client

To begin go to your command prompt and log in as root. Now type the command “yum install bacula-client”.

Now before going any further keep this information handy.

Client hostname: the hostname I used was the "masterdns" server.

Client Private FQDN: in this case it's "masterdns.frieden1.local"

Bacula Server hostname: this will be "back"

You can use the following command to set the password for the Bacula Director to connect in the Daemon configuration:

date +%s | sha256sum | base64 | head -c 33 ; echo

You can also set it yourself if you wish, this is what I did for this system. The password is: 2004Chevy.

Open the next file, this file is the File Daemon configuration:

vi /etc/bacula/bacula-fd.conf

There are a few things that need to be changed in this file. Let's begin with finding the Director resource, it should look like this:

As you can see the changes that need to be made are in red. Change the name to what you see in the picture above. Next replace the password with the one you either generated earlier or the one you made up, in my case it's 2004Chevy. Make sure to continue to keep the password handy since we will need this again later.

Find the FileDaemon section that looks like this:

Change the name to "masterdns" which is the client host name then enter the FDAddress. In this case it's "masterdns.frieden1.local". Now find the "Messages" section like you see below, then change the director to in my case "back":

Save and exit the file and now check it with the following command:

bacula-fd -tc /etc/bacula/bacula-fd.conf

If nothing returns then the syntax is correct.

Now that we are finished with that we need to restart the system, we do that by issuing this command:

systemctl enable bacula-fd

Now set up the directory that Bacula can restore to. Use the following commands:

mkdir -p /bacula/restore
chown -R bacula:bacula /bacula
chmod -R 700 /bacula

Our client machine is set up and configured correctly.

Chapter 4

Here you will install and set up the DNS Server.

This is the current set up on my DNS and this is how I did it. To start I used this IP, 192.168.1.2; this is for the DNS and my Samba server.

This was installed on a CentOS 7, with all current updates.

Log into the system and then open a command window, then log in as root.

Be sure that SeLinux is disabled.

Installing bind which is a DNS package

First off install the service with the following command:

yum install bind bind-utils -y

Once that is finished installing you will configure the server. In the command prompt type in this command:

vi /etc/named.conf

Then add the following lines to the file (it's easier to copy and paste the info into the file):

//
// named.conf
//
// Provided by Red Hat bind package to configure the ISC BIND named(8) DNS
// server as a caching only nameserver (as a localhost DNS resolver only).
//
// See /usr/share/doc/bind*/sample/ for example named configuration files.
//

options {
    listen-on port 53 { 127.0.0.1; 192.168.1.101; }; ### Master DNS IP ####
    listen-on-v6 port 53 { ::1; };
    directory       "/var/named";
    dump-file       "/var/named/data/cache_dump.db";
    statistics-file "/var/named/data/named_stats.txt";
    memstatistics-file "/var/named/data/named_mem_stats.txt";
    allow-query     { localhost; 192.168.1.0/24; }; ### IP Range ###
    allow-transfer  { localhost; 192.168.1.102; };  ### Slave DNS IP ###

    /*
     - If you are building an AUTHORITATIVE DNS server, do NOT enable recursion.
     - If you are building a RECURSIVE (caching) DNS server, you need to enable
       recursion.
     - If your recursive DNS server has a public IP address, you MUST enable access
       control to limit queries to your legitimate users. Failing to do so will
       cause your server to become part of large scale DNS amplification
       attacks. Implementing BCP38 within your network would greatly
       reduce such attack surface
    */
    recursion yes;

    dnssec-enable yes;
    dnssec-validation yes;
    dnssec-lookaside auto;

    /* Path to ISC DLV key */
    bindkeys-file "/etc/named.iscdlv.key";

    managed-keys-directory "/var/named/dynamic";

    pid-file "/run/named/named.pid";
    session-keyfile "/run/named/session.key";
};

logging {
    channel default_debug {
        file "data/named.run";
        severity dynamic;
    };
};

zone "." IN {
    type hint;
    file "named.ca";
};

zone "frieden1.local" IN {
    type master;
    file "forward.frieden1";
    allow-update { none; };
};

zone "1.168.192.in-addr.arpa" IN {
    type master;
    file "reverse.frieden1";
    allow-update { none; };
};

include "/etc/named.rfc1912.zones";
include "/etc/named.root.key";

The pictures below show you how it should look:

Now you create Zone files

The forward and reverse zone files that were mentioned earlier in the "/etc/named.conf" file will be created here. Enter the following command to create the 'forward.frieden1' file in the "/var/named" directory:

vi /var/named/forward.frieden1

Now add the following lines that you see in the picture below to the file:

After the lines are added, save and close the file.

Time to create the Reverse Zone file. Create the 'reverse.frieden1' file in the "/var/named" directory:

vi /var/named/reverse.frieden1

Now add the following lines:

Once finished save and exit the file.

Time to start the DNS service. In the command prompt enter the following commands in order:

systemctl enable named
systemctl start named

The DNS service should now be running.

Configuration of the Firewall

In order for the DNS server to work it needs to be able to get through the firewall. We do this by configuring the firewall to open port 53. Use the following commands in order:

firewall-cmd --permanent --add-port=53/tcp
firewall-cmd --permanent --add-port=53/udp

Now restart the firewall with the next command:

firewall-cmd --reload

Time to configure the Permissions and Ownership

First check the DNS default config file by using this command:

named-checkconf /etc/named.conf

As long as it returns nothing, the configuration is valid.

Now check the forward and reverse zones by entering these commands:

Forward zone:

named-checkzone frieden1.local /var/named/forward.frieden1

The output should look similar to this:

zone frieden1.local/IN: loaded serial 2011071001
OK

Reverse zone:

named-checkzone frieden1.local /var/named/reverse.frieden1

Again you should have a similar output as below:

zone unixmen.local/IN: loaded serial 2011071001
OK

The DNS server details need to be added to the network interface config file. You do this by entering this command to access this file:

vi /etc/sysconfig/network-scripts/ifcfg-ens192

Be sure that the file looks like this:

TYPE="Ethernet"
BOOTPROTO="none"
DEFROUTE="yes"
IPV4_FAILURE_FATAL="no"
IPV6INIT="yes"
IPV6_AUTOCONF="yes"
IPV6_DEFROUTE="yes"
IPV6_FAILURE_FATAL="no"
NAME="enp0s3"
UUID="5d0428b3-6af2-4f6b-9fe3-4250cd839efa"
ONBOOT="yes"
HWADDR="08:00:27:19:68:73"
IPADDR0="192.168.1.101"
PREFIX0="24"
GATEWAY0="192.168.1.1"
DNS="192.168.1.2"
IPV6_PEERDNS="yes"
IPV6_PEERROUTES="yes"

Now save and close this file.

Now open this file and edit it:

vi /etc/resolv.conf

Add the DNS server IP address:

nameserver 192.168.1.2

Then save and close the file.

Restart the network with the next command:

systemctl restart network

Now we test the DNS server by using this command:

dig masterdns.frieden1.local

You should get an output that lists all the information of the DNS files.

You can also use 'nslookup frieden1.local' and that will give you another output that lists the server IP and address with port number 53.

With that the DNS is now installed and configured.

These are the configuration files for my DNS service

DNS files to configure:

/etc/named/zones/forward.frieden1

/etc/named/zones/reverse.frieden1

/etc/sysconfig/network-scripts/ifcfg-ens192

/etc/named.conf

IP address is 192.168.1.2

Chapter 5

How to install and Deploy a FOG server

You first need to find a reliable download site to help you in the installation of the FOG server. I used https://wiki.fogproject.org/wiki/index.php?title=Installation_on_CentOS_6.4 to do my installation.

Follow the instructions on how to install FOG.

When you get to the point shown below, take the highlighted address in the picture and open a new browser on a different machine, using the log in information seen in the picture below.

Initial FOG installation on a CentOS 6.4 platform

The NEW Username is (fog) and the passwd is (password)

After FOG is loaded you next need to load an image from the FOG boot menu on your PC that you want imaged.

1. Open a browser and navigate to http://192.168.1.14/fog.
2. Log in to the server (username is fog and password is password).
3. Navigate to the images section, which is the icon in the top row that looks like a picture.
4. On the left hand menu select Create New Image.
5. Enter a meaningful Image Name (no special characters)
6. Enter a description if you wish.
7. Under storage group, select default
8. From the drop down menu select the appropriate operating system for the image
9. If the image file is not as you would like it, change it now (no spaces or special characters)
10. If you are imaging a single partition Windows machine, select Single Partition
11. Click Add

Create the task

1. Still in the host object, click on the Basic Tasks option on the left hand menu.
2. Select Capture
3. Click Capture Image
4. Reboot client and it should pull an image from that computer.

You should get an image like so:

Once the image is uploaded you will now have an image template that you can deploy on new machines.

Deploying an Image

Log into your FOG account in a browser

For now let the GUI of FOG sit. You need a clean machine with no OS installed. Start the machine and let it go through its boot process. When it gets to the screen below, highlight Quick Host Registration and Inventory and hit enter. This will enter the information of the bare machine into the FOG server.

Now go back to the browser with FOG pulled up, tap the Host tab and then on the left navigation pane tap the List All Hosts tab. You will see a window like this one below. You will find the bare machine that you loaded into FOG just a few minutes ago.

Now click the host computer you want to image by tapping the edit tab on the right side of the host column. The next screen looks like the picture below.

Select the host image and the host OS then select the Basic Tasks tab on the left side of the page. This is the next page you will see:


Select the Deploy tab, you should get a confirmation that the Task has Started. Now we go back to the bare machine and reboot it. You will again come up to the FOG selection page.

Now highlight the Quick Image line and hit enter. Your machine should now begin loading the image from the FOG server.

That’s it, once the image is loaded you can work away on your new system.


Chapter 6

Here we are going to install and configure Samba

You will need a fresh updated CentOS 7 system to begin with. You will also need a fresh Windows 7 install on a separate machine or VM.

In this instance we are using an IP of 192.168.1.2, which is also the same system as our DNS. This will be the Samba server. Be sure that SELinux is disabled.

The Windows 7 client will use the DHCP IP assigned to it.

Installing Samba

Log in to your CentOS system, open a command window and log in as root. Next type in this command:

yum install samba* -y

Configuring an anonymous share

First create a directory by running this command:

mkdir -p /samba/anonymous_share
chmod -R 0777 /samba/anonymous_share

Now edit the conf file:

vi /etc/samba/smb.conf

Make the changes as needed:

## Add the following lines under [global] section ##
unix charset = UTF-8
dos charset = CP932

## Change the windows default workgroup ##
workgroup = WORKGROUP

## Uncomment and set the IP Range ##
hosts allow = 192.168.1.0

## Uncomment ##
max protocol = SMB2

## Uncomment, and change the value of 'Security' to 'user' ##
security = user

## Add the following line ##
map to guest = Bad User

## Add the following lines at the bottom ##
[Anonymous share]
path = /samba/anonymous_share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777

Now save and exit the conf file.

Now it is time to start the Samba service and enable it on reboot:

systemctl start smb
systemctl start nmb
systemctl enable smb
systemctl enable nmb

Test the system by running this command:

testparm

As long as there are no errors you are good to go.

You now need to configure the firewall so that it will allow the Samba default ports through.

Enter the following commands in order:

firewall-cmd --permanent --add-port=137/tcp
firewall-cmd --permanent --add-port=138/tcp
firewall-cmd --permanent --add-port=139/tcp
firewall-cmd --permanent --add-port=445/tcp
firewall-cmd --permanent --add-port=901/tcp

Now restart the firewall with the following command:

firewall-cmd --reload

Accessing the Shared folder

Log into your Windows Client. In the start menu click on the RUN feature. When RUN opens type in the Samba server IP like so: \\192.168.1.2, you should now be able to access the Samba Share file.

To see what share files there are you can run this command on the Samba server:

ls -l /samba/anonymous_share/

Creating secured share on Samba Server

This is where you will create your secured folders, either for a single user or for a certain group of users. First off you're going to create a user named com1, for instance, and a group called security. You do that by using these commands:

useradd -s /sbin/nologin com1
groupadd security

Next assign your user to the security group and set the passwd:

usermod -a -G security com1
smbpasswd -a com1

Now create a new share, we will call this one "sshare", then set the permissions on that share:

mkdir /samba/sshare
chmod -R 0755 /samba/sshare
chown -R com1:security /samba/sshare

Time to edit the samba configuration file again:

vi /etc/samba/smb.conf

Add the following lines to the bottom of the configuration file:

[sshare]
path = /samba/sshare
writable = yes
browsable = yes
guest ok = no
valid users = @security

Save and exit the configuration file. Now run a quick test to make sure everything is working properly:

testparm

Time to go to the Windows client "com1" and check for the "sshare" folder; double click the sshare folder. You will be prompted to enter a user name and passwd; enter "com1" for the user and then the passwd that you set for com1.

You have now installed and configured Samba.
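The two shares configured in this chapter differ in one important way: the anonymous share admits guests and is writable, so any client the server accepts can write to it without credentials, while sshare requires a member of the security group. The following is an added example, not part of the original manual or of Samba: it reads an smb.conf and lists the shares of the first kind. The function names are assumptions and the sample file is constructed from the settings shown above.

```shell
#!/bin/sh
# Added example: list smb.conf shares that are both guest-accessible and writable.

# guest_writable_shares SMB_CONF
# Prints "share<TAB>path" for each such share. Parameter names are matched the
# way Samba does (case and spaces ignored) and the common synonyms are covered.
guest_writable_shares() {
    awk '
        function truthy(v) { v = tolower(v); return (v == "yes" || v == "true" || v == "1") }
        function emit() {
            if (share != "" && tolower(share) != "global" && guest && writable) {
                print share "\t" path
            }
        }
        /^[ \t]*([#;]|$)/ { next }                 # comments and blank lines
        /^[ \t]*\[/ {                              # section header starts a new share
            emit()
            share = $0
            sub(/^[ \t]*\[/, "", share)
            sub(/\].*$/, "", share)
            guest = 0; writable = 0; path = ""
            next
        }
        {
            eq = index($0, "=")
            if (eq == 0) next
            key = tolower(substr($0, 1, eq - 1)); gsub(/[ \t]/, "", key)
            val = substr($0, eq + 1); gsub(/^[ \t]+|[ \t]+$/, "", val)
            if (key == "path") path = val
            if (key == "guestok" || key == "public") guest = truthy(val)
            if (key == "writable" || key == "writeable" || key == "writeok") writable = truthy(val)
            if (key == "readonly") writable = !truthy(val)
        }
        END { emit() }
    ' "$1"
}

# Constructed sample: the [global] lines and both share sections from this chapter.
sample_smb_conf() {
    cat <<'EOF'
[global]
workgroup = WORKGROUP
security = user
map to guest = Bad User

[Anonymous share]
path = /samba/anonymous_share
writable = yes
browsable = yes
guest ok = yes
guest only = yes
create mode = 0777
directory mode = 0777

[sshare]
path = /samba/sshare
writable = yes
browsable = yes
guest ok = no
valid users = @security
EOF
}

demo() {
    demo_conf=$(mktemp) || return 1
    sample_smb_conf > "$demo_conf"
    echo "Guest-writable shares:"
    guest_writable_shares "$demo_conf"
    rm -f "$demo_conf"
}

demo
```

On the server itself, run guest_writable_shares /etc/samba/smb.conf after each change to the file.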

My current set up is as follows:

The share name is: /etc/samba/linux-share with R 0777 properties

To access the shared folders go to RUN and enter \\centos

Group name is: linuxp

User; com1 Passwd; HJAMyers

User; com2 Passwd; HJAMyers

Path= /samba/secure_share

Valid users= @linuxp

Chapter 7

How to install and Use Squid

Squid is a proxy service that lets you block websites from being accessed by company computers. It is literally a way to censor the internet on a local platform.

Let us first start by installing squid by logging into the command prompt as root, now issue this command:

yum install squid

Now configure squid by going into the configuration file:

vi /etc/squid/squid.conf

The next picture is an example of a configuration file:

You can add sites to be banned from viewing on your network by adding them in the configuration file.


We now will open a port in the firewall so that squid can get through without issue. In the command prompt issue this command to open port 3128:

iptables -A INPUT -m state --state NEW -m tcp -p tcp --dport 3128 -j ACCEPT

Now it is time to restart the squid service by issuing this next command:

service squid restart

Make sure the squid service is going to start every time you start the server by issuing this command:

chkconfig squid on

To see user activity you can issue this command:

tail -f /var/log/squid/access.log

Now go to a client PC and log on. Go to the browser and under tools look for settings or internet options like so:

Then open the proxy settings like that in the red box above.

Once in the settings turn on proxy settings and enter the IP address of the squid server and the port number that we opened to the firewall earlier, which is port 3128 as seen in the next picture below:

Back up config is /etc/squid/squid.conf.org.back

The config file is /etc/squid/squid.conf

This routes all internet traffic through the squid server and is now restricted by whatever settings you have in the squid.conf file.
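To pick the blocked requests out of the access log mentioned above, the following added example (not part of the original manual or of Squid) counts refused requests per client and destination. It assumes Squid's default native log format; the function names, log lines and host names are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise requests that Squid refused, per client and destination.

# denied_summary ACCESS_LOG
# In Squid's native access.log format field 3 is the client address, field 4 the
# result code (TCP_DENIED/403 for a request an ACL refused) and field 7 the URL.
# Prints "client host count", sorted.
denied_summary() {
    awk '
        $4 ~ /^TCP_DENIED\// {
            host = $7
            sub(/^[a-zA-Z][a-zA-Z0-9+.-]*:\/\//, "", host)   # drop the scheme
            sub(/\/.*$/, "", host)                           # drop the path
            sub(/:[0-9]+$/, "", host)                        # drop the port (CONNECT host:443)
            count[$3 " " host]++
        }
        END { for (k in count) print k, count[k] }
    ' "$1" | LC_ALL=C sort
}

# Constructed sample log lines in the native format.
sample_access_log() {
    cat <<'EOF'
1492257661.101     12 192.168.1.50 TCP_DENIED/403 3985 GET http://blocked.example/ - HIER_NONE/- text/html
1492257662.330    210 192.168.1.50 TCP_MISS/200 10532 GET http://intranet.example/index.html - HIER_DIRECT/203.0.113.10 text/html
1492257670.004      0 192.168.1.51 TCP_DENIED/403 3990 CONNECT blocked.example:443 - HIER_NONE/- text/html
1492257675.870      9 192.168.1.50 TCP_DENIED/403 3985 GET http://blocked.example/news - HIER_NONE/- text/html
EOF
}

demo() {
    demo_log=$(mktemp) || return 1
    sample_access_log > "$demo_log"
    echo "Denied requests (client host count):"
    denied_summary "$demo_log"
    rm -f "$demo_log"
}

demo
```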


Chapter 8

Once you have Suricata installed, run the sudo vi /etc/suricata/suricata.yaml command. This is where you will set Suricata up to run.

1st go to HOME_NET and change the IP address to your domain address.

2nd scroll down to default-rule-path and make note of the path for later use: /usr/local/etc/suricata/rules

3rd scroll down to default-log-dir and change that to: /var/log/suricata/

4th as you scroll through, make sure you change all areas dealing with your NIC and change the names

5th scroll to the host-os-policy: insert your client IPs in the corresponding OS lines

6th scroll to threading: and make sure set-cpu-affinity: is no, then set detect-thread-ratio: 1.5

Then exit the config file. Next input sudo /usr/local/bin/suricata --list-runmodes; this gives you all the run modes that you can run with Suricata.

Now to start Suricata go to the command line and enter:

/usr/local/bin/suricata -c /etc/suricata/suricata.yaml -i ens192 --init-errors-fatal

This will start the engine. Your screen should look like this;

Once the engine has been running for a while you can hit ctrl-C to stop the engine. When stopped, the screen should look similar to below.

The amount of packets that were sent out depends on how long you let it run.

To check the log files enter the following command:

tail -f /var/log/suricata/eve.json

You should get a screen that looks like this;

For more information on how to use the many services on Suricata go to

https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Quick_Start_Guide


Chapter 9

Installing and configuring Tripwire

Before installing Tripwire, first have a CentOS 7 system with updates completed and have SELinux disabled.

Open a command prompt and log in as root. Now open a browser window and go to tripwire.org and download the latest version. The download will be in tar so you will have to un-tar it with the following commands:

tar xvzf tripwire-2.3-47.i386.tar.gz

rpm -ivh tripwire-2.3-47.i386.rpm

Next issue this command to execute the installation shell script:

/etc/tripwire/twinstall.sh

Tripwire configuration

The default policy is in /etc/tripwire/twpol.txt. Install it with this command:

/usr/sbin/twadmin -m P /etc/tripwire/twpol.txt

Now generate the initial database using this command:

/usr/sbin/tripwire -m i

This next command will prevent a large number of false alarms. The false alarms occur any time there is a discrepancy in the default policy and the local system's current configuration. To show a list of these alarms enter this command:

/usr/sbin/tripwire -m c | grep Filename >> twtest.txt

Next, edit the policy file below by commenting out or deleting the filenames listed in twtest.txt:

/etc/tripwire/twpol.txt
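The pruning step above can be scripted. The following is an added example, not part of the original manual or of Tripwire itself: it prints the policy with a '#' in front of every rule whose path appears in twtest.txt. The function names, the "### Filename:" sample lines and the sample policy are constructed for illustration, and paths are assumed to contain no spaces.

```shell
#!/bin/sh
# Added example: comment out twpol.txt rules for paths Tripwire could not find.

# prune_policy TWTEST POLICY
# Prints POLICY with '#' in front of each rule whose object path is named on a
# "Filename:" line of TWTEST. Assumption: paths contain no whitespace.
prune_policy() {
    awk '
        FILENAME == ARGV[1] {
            # Keep only what follows "Filename:", whatever prefix the report used.
            if (sub(/^.*Filename:[ \t]*/, "")) {
                sub(/[ \t]+$/, "")
                missing[$0] = 1
            }
            next
        }
        # In the policy, the object path is the first field of a rule line.
        ($1 in missing) { print "#" $0; next }
        { print }
    ' "$1" "$2"
}

# Constructed sample input, shaped like the two files the manual works with.
write_sample() {
    cat > "$1/twtest.txt" <<'EOF'
### Filename: /dev/kmem
### Filename: /proc/ksyms
EOF
    cat > "$1/twpol.txt" <<'EOF'
(
  rulename = "Critical devices",
  severity = $(SIG_HI)
)
{
     /dev/kmem                         -> $(Device) ;
     /dev/mem                          -> $(Device) ;
     /proc/ksyms                       -> $(Device) ;
}
EOF
}

demo() {
    demo_dir=$(mktemp -d) || return 1
    write_sample "$demo_dir"
    prune_policy "$demo_dir/twtest.txt" "$demo_dir/twpol.txt"
    rm -rf "$demo_dir"
}

demo
```

Review the output before writing it back over /etc/tripwire/twpol.txt; a rule commented out here is a path Tripwire will no longer watch.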

Finalizing the Configuration

Whenever the file is edited, the policy needs to be reinstalled and the database recreated. We do this by using the following commands:

/usr/sbin/twadmin -m P /etc/tripwire/twpol.txt

/usr/sbin/tripwire -m i

We are now ready to delete the clear text versions of the Tripwire policy and config files.

We will accomplish this by using the following command:

rm /etc/tripwire/twcfg.txt /etc/tripwire/twpol.txt

If for some reason you need to restore the clear version again, you can do so by using this command:

/usr/sbin/twadmin -m p > /etc/tripwire/twpol.txt

How to schedule a nightly analysis

First create a shell script, the file will be "runtw.sh" in the /usr/local/bin directory.

The script is as follows:

#!/bin/sh

/usr/sbin/tripwire -m c | mail -s "Tripwire Report from apache" root@localhost

Now schedule the script to run nightly at 1:01am by adding this line:

1 1 * * * /usr/local/bin/runtw.sh

to the root crontab by using this command:

crontab -e

The tripwire system will now generate a report every night at 1:01am and send it to the system admin on the status of the systems.

Sources

Apache- https://www.digitalocean.com/community/tutorials/how-to-install-linux-apache-mysql-php-lamp-stack-on-centos-7

Bacula- https://www.digitalocean.com/community/tutorials/how-to-install-bacula-server-on-centos-7

DHCP- https://www.centos.org/docs/5/html/Deployment_Guide-en-US/ch-dhcp.html

DNS- https://www.digitalocean.com/community/tutorials/how-to-configure-bind-as-a-private-network-dns-server-on-centos-7

Fog- https://wiki.fogproject.org/wiki/index.php/Installation_on_CentOS_7

Samba- https://www.unixmen.com/install-configure-samba-server-centos-7/

SeLinux- https://www.centos.org/docs/5/html/5.1/Deployment_Guide/sec-sel-enable-disable.html

Squid- http://www.liquidweb.com/kb/how-to-install-squid-caching-proxy-on-centos-7/

Suricata- https://redmine.openinfosecfoundation.org/projects/suricata/wiki/CentOS_Installation

Tripwire- https://www.digitalocean.com/community/tutorials/how-to-use-tripwire-to-detect-server-intrusions-on-an-ubuntu-vps
