Lab 2 - Permissions and Software Management

Expectations

Labs in this class are built to encourage creativity and problem-solving abilities. Thus, the instructions provided in these labs will generally not be comprehensive. This is to better mimic the real world, where documentation on how to complete a desired task may be sparse or even nonexistent. Students are encouraged to use external resources to complete these labs. However, do not hesitate to ask me for help. I will always be willing to provide more information as needed.

Objectives

  • Install a GUI of your choice onto your Ubuntu server
  • Install and configure xrdp on your Ubuntu Server
  • Enable remote desktop into your Ubuntu server (Just like you did for SSH)
  • Install syslog-ng onto your Ubuntu server
  • Configure OPNsense to send syslogs to your syslog server on Ubuntu
  • Become familiar with how file permissions work on Unix/Linux

Stage 1 - Installing a GUI on Ubuntu

You may install a GUI of your choice on Ubuntu. However, I have linked a guide below which provides instructions on how to install the default Ubuntu desktop environment.

There are numerous possible desktop environments to choose from, each with their own pros and cons. Do a little research to see which one you prefer. Alternatively, just go ahead with the defaults.

Stage 2 - Installing and exposing xrdp

Installing xrdp on Ubuntu is a relatively straightforward process, with a multitude of guides online available to you. Try and find one you like and work through it, solving any problems you encounter along the way. You will need to find the port that xrdp uses, then port forward it in OPNsense to enable remote desktop from outside your "LAN", just like you did for SSH in lab 1.

To connect to your Ubuntu machine via remote desktop, do one of the following:

  • If on Windows, search Remote Desktop Connection in the Windows search, and open the program of that name
  • On macOS/Linux, you will have to do some research to find and install an RDP client

Don't forget that to connect to your Ubuntu machine, you will need to use the WAN IP address (10.10.X.X), not its LAN address (192.168.X.X).

You may notice that upon attempting to RDP into your Ubuntu machine remotely, it connects but fails to start a remote desktop session. This is likely because you're still logged in as the same user already. Try logging into your Ubuntu server via Proxmox, and "logout" from your desktop session, then try again.

Stage 3 - Installing syslog-ng

The provided GitHub repository contains instructions on how to install syslog-ng. You will need to install this software on Ubuntu, then configure OPNsense to send its system logs to the syslog server you just installed. Use the resources available to you to determine how to complete this task.

GitHub: https://github.com/syslog-ng/syslog-ng (Please read through the entire README file before continuing)

You should notice that syslog-ng provides the option to either install from source or install from binaries. I'd highly recommend installing from the prebuilt binaries using a package manager (such as apt), though you can install from source if you desire.

Next, you will want to check that syslog-ng is running. Given your knowledge of Linux, how might you do so?

Syslog-ng Quickstart Section

Pay special attention to the syslog-ng "quickstart" section inside the README file. This describes the proper method for configuring syslog-ng such that it will accept logs from OPNsense. This will take some trial and error! First, see if you can find where syslog-ng stores its configuration file, and what it's named. Also, take a moment to read through this configuration file before you begin making changes. Even if you end up completely overwriting it later, it's always good to see what's already there.

Before making changes to your syslog configuration file, it's normally advisable to create a backup! You can do this by running the following command: cp conf_file_name conf_backup_name, which will create a copy under the new name.

Stage 4 - Configuring OPNsense to send syslogs

OPNsense has a built-in syslog application, and that application has the ability to send its logs to a remote destination. Try to see if you can find where these settings might be located.

When you find the OPNsense settings for setting syslog targets, it will ask you to set a "Hostname" as the target. This should be set to the IP address (192.168.X.X) of your Ubuntu machine. Verify you're typing in the right address, or it will not work!

Once you've configured OPNsense to send its logs to a remote destination, the next stage is to make sure syslog-ng on your Ubuntu machine is correctly configured to receive these logs. For the purposes of this lab, a simpler configuration file is better. Go ahead and make a backup of the original, then create a new empty configuration file.

Everything you need to know about what to put inside the syslog configuration file is in the GitHub README file. Given what's there, what do you think your final syslog configuration file should look like?

In your configuration file, you should've specified the destination file where your syslogs would be written. If everything has been configured correctly, it should look something like this when running the sudo tail <log_file_here> command (the tail command prints out the last 10 lines of a file by default):

Jan 31 18:24:12 msense filterlog[86694]: 5,,,02f4bab031b57d1e30553ce08e0ec131,vtnet0,match,block,in,4,0x0,,1,61455,0,none,17,udp,242,10.10.6.13,224.0.0.251,5353,5353,222
Jan 31 18:24:12 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0xfbfc8,1,udp,17,222,fe80::44e6:dcc0:bda8:48cd,ff02::fb,5353,5353,222
Jan 31 18:24:26 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0x00000,1,udp,17,76,fe80::ff:fef2:774a,ff02::1:2,546,547,76
Jan 31 18:24:36 msense filterlog[86694]: 72,,,d732bf074e5af1431615bc5c20ab4d3c,vtnet0,match,pass,out,4,0xb8,,64,31330,0,none,17,udp,76,10.10.6.64,155.248.196.28,123,123,56
Jan 31 18:24:40 msense filterlog[86694]: 70,,,fae559338f65e11c53669fc3642c93c2,vtnet0,match,pass,out,6,0x00,0x00000,1,udp,17,60,fe80::ff:fe30:8f6e,ff02::1:2,546,547,60
Jan 31 18:24:50 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0x00000,1,udp,17,36,fe80::ff:fe6c:8902,ff02::1:2,546,547,36
Jan 31 23:25:00 msense /usr/sbin/cron[13683]: (root) CMD (/usr/libexec/atrun)
Jan 31 23:25:00 msense /usr/sbin/cron[13761]: (root) CMD ((/usr/local/bin/flock -n -E 0 -o /tmp/filter_update_tables.lock /usr/local/opnsense/scripts/filter/update_tables.py) > /dev/null)
Jan 31 18:25:00 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0x00000,1,udp,17,76,fe80::ff:fe8a:e3a3,ff02::1:2,546,547,76
Jan 31 18:25:03 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0x00000,1,udp,17,76,fe80::ff:fe68:6a7d,ff02::1:2,546,547,76

Notice how you see "msense" appear at the beginning of each line. In your case, it would say "OPNsense" if you haven't changed the default hostname of your OPNsense VM. 
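Once the logs arrive, the comma-separated filterlog records can be broken into fields to see what the firewall is blocking and passing. The following parser is an added example, not part of the original lab or of OPNsense; the field positions are read off the sample lines above and the function names are hypothetical.

```python
import re
from collections import Counter

# Syslog prefix as in the sample: "Jan 31 18:24:12 msense filterlog[86694]: <csv>"
LINE_RE = re.compile(r"^(\w{3}\s+\d+ [\d:]{8}) (\S+) filterlog\[\d+\]: (.*)$")

def parse_filterlog(line):
    """Return a dict for a filterlog line, or None for other programs or short lines."""
    m = LINE_RE.match(line)
    if not m:
        return None
    f = m.group(3).split(",")
    try:
        rec = {"time": m.group(1), "host": m.group(2), "iface": f[4],
               "action": f[6], "dir": f[7], "ipver": int(f[8])}
        # Past field 8 the layout depends on the IP version (positions read off the sample).
        if rec["ipver"] == 4:
            proto, src, dst, rest = f[16], f[18], f[19], f[20:]
        elif rec["ipver"] == 6:
            proto, src, dst, rest = f[12], f[15], f[16], f[17:]
        else:
            return None
        rec.update(proto=proto, src=src, dst=dst)
        if proto in ("tcp", "udp"):
            rec.update(sport=int(rest[0]), dport=int(rest[1]))
    except (IndexError, ValueError):
        return None  # truncated or unexpected record: skip rather than guess
    return rec

def summarize(lines):
    """Count (action, direction, protocol, destination port) across filterlog lines."""
    recs = filter(None, map(parse_filterlog, lines))
    return Counter((r["action"], r["dir"], r["proto"], r.get("dport")) for r in recs)

# Constructed input: four lines copied from the sample output above.
SAMPLE = [
    "Jan 31 18:24:12 msense filterlog[86694]: 5,,,02f4bab031b57d1e30553ce08e0ec131,vtnet0,match,block,in,4,0x0,,1,61455,0,none,17,udp,242,10.10.6.13,224.0.0.251,5353,5353,222",
    "Jan 31 18:24:26 msense filterlog[86694]: 68,,,f140a48ddade668b9d6f5259669a1d5c,vtnet0,match,block,in,6,0x00,0x00000,1,udp,17,76,fe80::ff:fef2:774a,ff02::1:2,546,547,76",
    "Jan 31 18:24:36 msense filterlog[86694]: 72,,,d732bf074e5af1431615bc5c20ab4d3c,vtnet0,match,pass,out,4,0xb8,,64,31330,0,none,17,udp,76,10.10.6.64,155.248.196.28,123,123,56",
    "Jan 31 23:25:00 msense /usr/sbin/cron[13683]: (root) CMD (/usr/libexec/atrun)",
]

if __name__ == "__main__":
    for key, count in summarize(SAMPLE).most_common():
        print(count, *key)
```

Lines from other programs, such as the cron entries in the sample, are skipped rather than parsed.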

Stage 5 - Setting machine timezones

By default, both your OPNsense machine and Ubuntu are set to the UTC timezone. This will likely be apparent in the syslogs being seemingly several hours ahead. For OPNsense, you can adjust this in the WebGUI. In Ubuntu, you can modify it with a simple command. 

Go ahead and change the timezone of both servers to match our current timezone.

Stage 6 - Permissions

Write a short summary of the following article: https://www.redhat.com/sysadmin/linux-file-permissions-explained

Next, execute the following steps:

  1. Create a file called test.sh with touch
  2. Change the permissions so that the user has read, write and execute, and group and others have none
  3. Change ownership of the file to root, then attempt to access the file
  4. Change the ownership back to yourself and edit the file
    1. Add #!/bin/bash to the first line and echo hello world to second line
  5. Run the script with ./test.sh
  6. Remove the executable permission and try to run the script again
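To reason about what each step should produce before you run it, the sketch below models the classic Unix permission check: the kernel picks exactly one class (owner, group or other) and consults only that class's bits. It is an added example, not part of the original lab; the uid/gid value 1000 is a hypothetical student account, and ACLs and capabilities are ignored.

```python
import stat

def allowed(mode, owner, group, uid, gids, want):
    """Classic Unix check: pick ONE class (owner, group or other), test only its bits.
    want is 'r', 'w' or 'x'. ACLs and capabilities are ignored (simplification)."""
    bit = {"r": 4, "w": 2, "x": 1}[want]
    if uid == 0:
        # root bypasses read/write checks, but can execute only if some x bit is set
        return want != "x" or bool(mode & 0o111)
    if uid == owner:
        shift = 6          # owner class, even if group/other bits are more generous
    elif group in gids:
        shift = 3          # group class
    else:
        shift = 0          # other class
    return bool((mode >> shift) & bit)

def walk_lab_steps(me=1000, my_group=1000):
    """Replay the outcome of steps 2 to 6 for a hypothetical account (uid/gid 1000)."""
    out = {}
    mode = 0o700                                   # step 2: user rwx, group/other none
    out["symbolic"] = stat.filemode(stat.S_IFREG | mode)
    # step 3: owner is now root (uid 0); the group is unchanged, but has no bits
    out["step3_read_as_me"] = allowed(mode, 0, my_group, me, [my_group], "r")
    # step 4: ownership returned, so the owner bits apply again
    out["step4_write_as_me"] = allowed(mode, me, my_group, me, [my_group], "w")
    out["step5_exec"] = allowed(mode, me, my_group, me, [my_group], "x")
    mode &= ~0o100                                 # step 6: drop the owner's x bit
    out["step6_exec"] = allowed(mode, me, my_group, me, [my_group], "x")
    out["step6_exec_as_root"] = allowed(mode, me, my_group, 0, [0], "x")
    return out

if __name__ == "__main__":
    for step, result in walk_lab_steps().items():
        print(f"{step}: {result}")
```

Compare the printed results with what you observe on your Ubuntu machine for each step.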

Deliverables

  • Demonstrate yourself using the Ubuntu GUI
  • Show yourself accessing your Ubuntu machine via RDP
  • Demonstrate syslog-ng is running
  • Demonstrate syslog-ng is receiving OPNsense system logs by showing logs from OPNsense stored on your Ubuntu machine
  • Submit the short summary from stage 6 to the lab drop box on eClass