Lab 2.2 Syslog Organization on log01
We will spend considerable time both implementing security controls and building the means to monitor those controls. An understanding of logging and logging architecture is critical for continuous monitoring. We will start with traditional syslog servers and later we will leverage host-based agents to report events of interest.
List out any commands that were used or found to be helpful during the process.
ssh
- opens a remote shell session on another host
wget
- downloads a file from a URL; used here to fetch the rsyslog rules file directly rather than installing a package with yum/apt
Document any notes that were taken while working on the assignment.
- Setting up mgmt01
mgmt01 should be placed on your LAN with an appropriate IP
set up a named admin user with a new password
Install Chrome Remote Desktop
Make NAT source rules for the LAN as well as additional DNS forwarding entries
- Log organization
Edit /etc/rsyslog.conf and comment out the UDP and TCP input rules so they do not conflict with the custom rules file added next.
In the /etc/rsyslog.d/ directory:
wget https://raw.githubusercontent.com/gmcyber/sec350-share/main/03-sec350.conf
Restart rsyslog so the new rules file is loaded
- web01 Log Auth Events
Modify the sec350-client.conf file to include the line
authpriv.* @172.16.50.5
(a single @ forwards over UDP to log01; @@ would forward over TCP)
Fail an ssh attempt into web01, then check the logs on log01 to confirm the new rule has been applied.
- fw01 Log Auth Events
set system syslog host 172.16.50.5 facility authpriv level info
-> commit and save
Exit configuration mode and attempt a few invalid logins to fw01 (wrong password over ssh)
Check the logs on log01 to see the failed login attempts
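Both the web01 and fw01 checks above come down to reading the forwarded authpriv lines on log01 and spotting the failures. The following is an added example, not part of the lab or the sec350 course material, showing the same check as code: it parses traditional-format syslog lines as rsyslog writes them on the collector, pulls out sshd authentication results, and counts failures per target host and per source address. The sample log is constructed for this example; the hostnames web01 and fw01 follow the lab, while the client addresses 172.16.200.10 and 172.16.50.10, the usernames, PIDs and timestamps are made up. It assumes both hosts log through OpenSSH's sshd, so their failure messages share one format.

```python
import re
from collections import Counter
from typing import Optional, Tuple

# Traditional BSD-style syslog line as rsyslog writes it on the collector:
# "<Mon DD HH:MM:SS> <host> <tag>[<pid>]: <message>"
SYSLOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2}) "
    r"(?P<host>\S+) (?P<prog>[^\[\s:]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)

# sshd messages that record a failed or successful authentication
FAILED_RE = re.compile(
    r"^Failed (?P<method>\S+) for (?:invalid user )?(?P<user>\S+) from (?P<ip>\S+) port \d+"
)
ACCEPTED_RE = re.compile(
    r"^Accepted (?P<method>\S+) for (?P<user>\S+) from (?P<ip>\S+) port \d+"
)

# Constructed sample of what log01 might receive once authpriv forwarding is
# in place. Addresses, users, PIDs and timestamps are invented for this example.
SAMPLE_LOG = """\
Nov  3 14:02:11 web01 sshd[1832]: Failed password for invalid user admin from 172.16.200.10 port 51234 ssh2
Nov  3 14:02:15 web01 sshd[1832]: Failed password for champuser from 172.16.200.10 port 51236 ssh2
Nov  3 14:02:40 web01 sshd[1835]: Failed password for champuser from 172.16.200.10 port 51238 ssh2
Nov  3 14:03:01 fw01 sshd[4410]: Failed password for vyos from 172.16.200.10 port 51240 ssh2
Nov  3 14:03:07 web01 sshd[1840]: Accepted publickey for champuser from 172.16.50.10 port 51300 ssh2
Nov  3 14:03:09 fw01 sshd[4415]: Accepted password for vyos from 172.16.50.10 port 51302 ssh2
this line is not syslog at all and must be skipped
"""


def parse_line(line: str) -> Optional[dict]:
    """Split one syslog line into its fields, or return None if it is malformed."""
    m = SYSLOG_RE.match(line)
    return m.groupdict() if m else None


def classify_ssh(msg: str) -> Optional[Tuple[str, str, str]]:
    """Return (outcome, user, source_ip) for an sshd auth message, else None."""
    m = FAILED_RE.match(msg)
    if m:
        return ("failed", m.group("user"), m.group("ip"))
    m = ACCEPTED_RE.match(msg)
    if m:
        return ("accepted", m.group("user"), m.group("ip"))
    return None


def summarize(log_text: str, threshold: int = 3) -> dict:
    """Count ssh outcomes per (target host, source ip) and flag noisy sources."""
    failed: Counter = Counter()
    accepted: Counter = Counter()
    skipped = 0  # lines that are not well-formed syslog
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            skipped += 1
            continue
        if rec["prog"] != "sshd":
            continue  # other authpriv sources (sudo, su) are out of scope here
        result = classify_ssh(rec["msg"])
        if result is None:
            continue
        outcome, _user, ip = result
        key = (rec["host"], ip)
        (failed if outcome == "failed" else accepted)[key] += 1

    # A source that fails `threshold` or more times across all hosts is flagged;
    # summing across hosts catches an attacker that spreads attempts around.
    per_source: Counter = Counter()
    for (_host, ip), n in failed.items():
        per_source[ip] += n
    flagged = sorted(ip for ip, n in per_source.items() if n >= threshold)
    return {"failed": dict(failed), "accepted": dict(accepted),
            "flagged_sources": flagged, "skipped": skipped}


if __name__ == "__main__":
    for k, v in summarize(SAMPLE_LOG).items():
        print(k, v)
```

On a real log01 the same functions would be fed the file the 03-sec350.conf rules write for each host; the threshold is deliberately low so that a handful of deliberate bad logins during the lab is enough to see a source flagged.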
Include any additional notes or observations made while working on the assignment.
- Augment your documentation to include how to change a VyOS password
- Include the process for making an RSA key pair
ssh-keygen -t rsa
-> creates the key pair (keep the private key on the local machine)
ssh-copy-id user@ip
-> installs the public key in that user's authorized_keys on the remote host
- Make sure permissions are correct (~/.ssh should be 700 and authorized_keys 600) and, if there are still issues, restart the box
List out any issues that were encountered while working on the assignment.
N/A
If any issues were solved, list out the resolutions for each problem.
N/A
List out any questions that arose while working on the assignment.
N/A