Add CMS report #166

Closed
wants to merge 1 commit into from
218 changes: 109 additions & 109 deletions docs/cybersecurity/Ubuntu Server/LDAP Configuration.md
@@ -1,109 +1,109 @@
---
sidebar_position: 2
---

# Ubuntu Server LDAP Configuration

:::info
**Document Creation:** 16 September, 2024. **Last Edited:** 18 September, 2024. **Authors:** Drew Baker.
<br></br>**Effective Date:** 18 September 2024. **Expiry Date:** 18 September 2025.
:::

## Introduction
This document provides detailed instructions for configuring an LDAP directory on an Ubuntu server. It is designed to help users understand the basics of LDAP, its practical uses, and how to contribute to the company’s ongoing development efforts. The aim is to give users a working understanding of LDAP configurations so they can expand upon the system and apply it to their projects or initiatives.

## LDAP Setup
To set up the `RedOps Ubuntu Server` with LDAP, it's recommended to deploy this virtual machine (VM) on a separate system for convenience. For example, in my deployment, I used a Windows 10 Pro host that is scheduled for retirement, with an added registry key to auto-launch the VM at startup. If you`d like to replicate this setup, follow these steps:

1. Download the `Ubuntu Server Workspace` OVA file from the `Cyber Security Team > 2024 Trimester 2` folder on the company SharePoint.
> The system credintials should have modified from the defualt **USER:** `rboadmin` **PASS:** `admin`
:::important
**Note the LDAP login credentials are:**
**USER:** `rbosys`
**PASS:** `admin`
:::

2. After importing the appliance and ensuring your network adapter settings are correct, boot the machine, sign in, and run the following commands to update the system:
```bash
sudo apt update
sudo apt upgrade
```

3. Install LDAP-related packages:
```bash
sudo apt install slapd ldap-utils
sudo dpkg-reconfigure slapd
```

4. Manage the `slapd` service using the following commands:
```bash
sudo systemctl start slapd
sudo systemctl status slapd
sudo systemctl stop slapd
sudo systemctl restart slapd
```

5. Change the default password from `admin` and share it, along with the server’s IP address and chosen external port (if port forwarding is enabled), with your team.
> To check your IP, run:
```bash
curl ifconfig.me
```

6. Perform a basic LDAP search to verify the setup:
```bash
ldapsearch -x -LLL -H ldap:/// -b dc=redbackops,dc=org,dc=au
```
> or
```bash
ldapsearch -Q -LLL -Y EXTERNAL -H ldap:///
```


## LDAP Directory Structure and Entries
The `/etc/ldap/ldap.conf` has been modified to allow easier use of the LDAP utilities,
To add some initial LDAP entries, create a base structure for People and Groups as follows:

1. Create the base structure in an LDIF file (e.g., `base.ldif`):
```bash
dn: ou=People,dc=redbackops,dc=org,dc=au
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=redbackops,dc=org,dc=au
objectClass: organizationalUnit
ou: Groups
```

2. Add these entries to the LDAP directory:
```bash
sudo ldapadd -x -D cn=admin,dc=redbackops,dc=org,dc=au -W -f base.ldif
```

3. Add a user (`jdoe`) and a group (`developers`) in an LDIF file (e.g., `add_entries.ldif`):
```bash
dn: uid=jdoe,ou=People,,dc=redbackops,dc=org,dc=au
objectClass: inetOrgPerson
uid: jdoe
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
userPassword: secret
mail: [email protected]

dn: cn=developers,ou=Groups,dc=redbackops,dc=org,dc=au
objectClass: posixGroup
cn: developers
gidNumber: 5000
memberUid: jdoe
```

4. Add the entries to the LDAP directory:
```bash
sudo ldapadd -x -D cn=admin,dc=redbackops,dc=org,dc=au -W -f add_entries.ldif
```

5. Verify that the user `jdoe` was added successfully:
```bash
ldapsearch -x -LLL -b dc=redbackops,dc=org,dc=au `uid=jdoe`
```
---
sidebar_position: 2
---

# Ubuntu Server LDAP Configuration

:::info
**Document Creation:** 16 September, 2024. **Last Edited:** 18 September, 2024. **Authors:** Drew Baker.
<br></br>**Effective Date:** 18 September 2024. **Expiry Date:** 18 September 2025.
:::

## Introduction
This document provides detailed instructions for configuring an LDAP directory on an Ubuntu server. It is designed to help users understand the basics of LDAP, its practical uses, and how to contribute to the company’s ongoing development efforts. The aim is to give users a working understanding of LDAP configurations so they can expand upon the system and apply it to their projects or initiatives.

## LDAP Setup
To set up the `RedOps Ubuntu Server` with LDAP, it's recommended to deploy this virtual machine (VM) on a separate system for convenience. For example, in my deployment, I used a Windows 10 Pro host that is scheduled for retirement, with an added registry key to auto-launch the VM at startup. If you`d like to replicate this setup, follow these steps:

1. Download the `Ubuntu Server Workspace` OVA file from the `Cyber Security Team > 2024 Trimester 2` folder on the company SharePoint.
> The system credintials should have modified from the defualt **USER:** `rboadmin` **PASS:** `admin`
:::important
**Note the LDAP login credentials are:**
**USER:** `rbosys`
**PASS:** `admin`
:::

2. After importing the appliance and ensuring your network adapter settings are correct, boot the machine, sign in, and run the following commands to update the system:
```bash
sudo apt update
sudo apt upgrade
```

3. Install LDAP-related packages:
```bash
sudo apt install slapd ldap-utils
sudo dpkg-reconfigure slapd
```

4. Manage the `slapd` service using the following commands:
```bash
sudo systemctl start slapd
sudo systemctl status slapd
sudo systemctl stop slapd
sudo systemctl restart slapd
```

5. Change the default password from `admin` and share it, along with the server’s IP address and chosen external port (if port forwarding is enabled), with your team.
> To check your IP, run:
```bash
curl ifconfig.me
```

6. Perform a basic LDAP search to verify the setup:
```bash
ldapsearch -x -LLL -H ldap:/// -b dc=redbackops,dc=org,dc=au
```
> or
```bash
ldapsearch -Q -LLL -Y EXTERNAL -H ldap:///
```


## LDAP Directory Structure and Entries
The `/etc/ldap/ldap.conf` has been modified to allow easier use of the LDAP utilities,
To add some initial LDAP entries, create a base structure for People and Groups as follows:

1. Create the base structure in an LDIF file (e.g., `base.ldif`):
```bash
dn: ou=People,dc=redbackops,dc=org,dc=au
objectClass: organizationalUnit
ou: People

dn: ou=Groups,dc=redbackops,dc=org,dc=au
objectClass: organizationalUnit
ou: Groups
```

2. Add these entries to the LDAP directory:
```bash
sudo ldapadd -x -D cn=admin,dc=redbackops,dc=org,dc=au -W -f base.ldif
```

3. Add a user (`jdoe`) and a group (`developers`) in an LDIF file (e.g., `add_entries.ldif`):
```bash
dn: uid=jdoe,ou=People,,dc=redbackops,dc=org,dc=au
objectClass: inetOrgPerson
uid: jdoe
sn: Doe
givenName: John
cn: John Doe
displayName: John Doe
userPassword: secret
mail: [email protected]

dn: cn=developers,ou=Groups,dc=redbackops,dc=org,dc=au
objectClass: posixGroup
cn: developers
gidNumber: 5000
memberUid: jdoe
```

4. Add the entries to the LDAP directory:
```bash
sudo ldapadd -x -D cn=admin,dc=redbackops,dc=org,dc=au -W -f add_entries.ldif
```

5. Verify that the user `jdoe` was added successfully:
```bash
ldapsearch -x -LLL -b dc=redbackops,dc=org,dc=au `uid=jdoe`
```
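Review bot: In step 3 of "LDAP Directory Structure and Entries" the DN `uid=jdoe,ou=People,,dc=redbackops,dc=org,dc=au` has a doubled comma after `ou=People`, which is not a valid DN, so the `ldapadd` in step 4 will fail on that entry; remove the extra comma. In step 5 the filter `uid=jdoe` is wrapped in backticks, which the shell treats as command substitution instead of passing it to `ldapsearch`; use single quotes. The second search in step 6 pairs `-Y EXTERNAL` with `-H ldap:///`; EXTERNAL normally takes its identity from the local socket, so this most likely wants `ldapi:///`. On the security side, the page publishes `rboadmin`/`admin` and `rbosys`/`admin` and the sample entry carries `userPassword: secret` in cleartext: keep live credentials out of the repository, move the password change from step 5 up to first boot, and show a hashed value generated with `slappasswd` in the LDIF. The two LDIF blocks are also fenced as `bash`. Finally, the removed and added sides of this file read identically across all 109 lines as rendered, so please confirm that a whole-file rewrite (whitespace or line endings) is intended in a PR titled "Add CMS report".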
166 changes: 83 additions & 83 deletions docs/cybersecurity/Ubuntu Server/Optional Services.md
@@ -1,83 +1,83 @@
---
sidebar_position: 3
---
# Ubuntu Server Optional Services
:::info
**Document Creation:** 20 September 2024.
**Last Edited:** 20 September 2024.
**Authors:** Drew Baker.
**Effective Date:** 20 September 2024.
**Expiry Date:** 20 September 2025.
:::
## Introduction
This document outlines several optional services that can be installed and configured to enhance the functionality, security, and remote accessibility of an Ubuntu server. It covers secure access methods such as SSH, secure file transfer through FTP, network management utilities, SSL encryption, and VirtualBox network settings. Each service is critical for managing and securing the server in a production environment.
## SSH Service (OpenSSH)
The **OpenSSH** package is essential for secure remote access to the server. SSH (Secure Shell) allows administrators to connect, execute commands, and manage files over an encrypted connection, ensuring that communication is secure from potential eavesdropping.
- **Commands used:**
```bash
sudo systemctl status ssh
sudo ufw allow ssh
```
Once installed and configured, SSH allows administrators to securely manage the server for tasks such as installing software, configuring services, and performing remote administration.
## net-tools
The **net-tools** package provides essential network management utilities such as **`ifconfig`**, which displays the current state of the network interfaces. It is used to view and manage IP addresses, subnet masks, and other configuration details critical to network services.
- **Commands used:**
```bash
sudo apt install net-tools
ifconfig
```
This tool is particularly useful for configuring networking on the server, especially when working with virtual machines or diagnosing network connectivity issues.
## FTP Service (vsftpd)
The **vsftpd** package (Very Secure FTP Daemon) is installed to provide **FTP** (File Transfer Protocol) services. FTP allows users to securely upload and download files between the server and remote clients. Additionally, **SSL certificates** are installed to secure FTP traffic, enabling FTPS (FTP Secure), which encrypts file transfers to prevent unauthorized access to sensitive data.
- **Commands used:**
```bash
sudo apt install vsftpd
sudo ufw allow 20/tcp && sudo ufw allow 21/tcp
```
Once installed, **vsftpd** provides secure and encrypted file transfer capabilities, which are essential for remote users who need to manage files on the server.
## SSL Certificates
During the installation process, the **ssl-cert** package was installed to enable **SSL/TLS** for secure communication. SSL certificates are crucial for encrypting data exchanged between the server and clients, especially when dealing with sensitive information such as login credentials and file transfers over FTP.
- **Command used:**
```bash
sudo apt install ssl-cert
```
By enabling SSL, services like FTP and web servers can encrypt traffic, preventing eavesdropping and data tampering during transmissions.
## VirtualBox Network Configuration
Though not a software package, VirtualBox network settings are critical for configuring virtual machines on the **Ubuntu Server Workspace**. The network adapter was set to **Bridged Mode**, which allows the VM to obtain an IP address and be accessible on the local network. Additionally, **Promiscuous Mode** was set to **Allow All**, enabling network monitoring and packet capturing from the virtual machine.
- **Settings applied:**
- Adapter 1: **Bridged Adapter**
- Promiscuous Mode: **Allow All**
- MAC Address: Configured automatically
These network configurations are vital for providing services such as SSH and FTP, ensuring the VM has proper network connectivity and can communicate externally.
## Checking Ports and Services
To ensure that the LDAP service (and other services like SSH and FTP) are running correctly and listening on the appropriate ports, two utilities were used: **lsof** and **netstat**.
### Checking LDAP Ports with `lsof`
The **`lsof`** command lists open files and the processes that are using them, which is helpful for checking which ports services like **slapd** (LDAP daemon) are using.
- **Command used:**
```bash
sudo lsof -i -P -n | grep slapd
```
This command shows that **slapd** is listening on **port 389** (the default LDAP port) for both IPv4 and IPv6 connections, confirming that the LDAP service is running and ready to accept connections.
### Checking Open Ports with `netstat`
The **`netstat`** command displays active connections, routing tables, interface statistics, and open ports. It can be used to verify that the necessary ports are open and listening for connections.
- **Command used:**
```bash
sudo netstat -tuln | grep :389
```
This output confirms that **port 389** is open and listening for both IPv4 and IPv6 traffic, validating that the LDAP service is available and functional.
---
sidebar_position: 3
---

# Ubuntu Server Optional Services

:::info
**Document Creation:** 20 September 2024.
**Last Edited:** 20 September 2024.
**Authors:** Drew Baker.
**Effective Date:** 20 September 2024.
**Expiry Date:** 20 September 2025.
:::

## Introduction
This document outlines several optional services that can be installed and configured to enhance the functionality, security, and remote accessibility of an Ubuntu server. It covers secure access methods such as SSH, secure file transfer through FTP, network management utilities, SSL encryption, and VirtualBox network settings. Each service is critical for managing and securing the server in a production environment.

## SSH Service (OpenSSH)
The **OpenSSH** package is essential for secure remote access to the server. SSH (Secure Shell) allows administrators to connect, execute commands, and manage files over an encrypted connection, ensuring that communication is secure from potential eavesdropping.

- **Commands used:**
```bash
sudo systemctl status ssh
sudo ufw allow ssh
```
Once installed and configured, SSH allows administrators to securely manage the server for tasks such as installing software, configuring services, and performing remote administration.

## net-tools
The **net-tools** package provides essential network management utilities such as **`ifconfig`**, which displays the current state of the network interfaces. It is used to view and manage IP addresses, subnet masks, and other configuration details critical to network services.
- **Commands used:**
```bash
sudo apt install net-tools
ifconfig
```
This tool is particularly useful for configuring networking on the server, especially when working with virtual machines or diagnosing network connectivity issues.

## FTP Service (vsftpd)
The **vsftpd** package (Very Secure FTP Daemon) is installed to provide **FTP** (File Transfer Protocol) services. FTP allows users to securely upload and download files between the server and remote clients. Additionally, **SSL certificates** are installed to secure FTP traffic, enabling FTPS (FTP Secure), which encrypts file transfers to prevent unauthorized access to sensitive data.

- **Commands used:**
```bash
sudo apt install vsftpd
sudo ufw allow 20/tcp && sudo ufw allow 21/tcp
```
Once installed, **vsftpd** provides secure and encrypted file transfer capabilities, which are essential for remote users who need to manage files on the server.

## SSL Certificates
During the installation process, the **ssl-cert** package was installed to enable **SSL/TLS** for secure communication. SSL certificates are crucial for encrypting data exchanged between the server and clients, especially when dealing with sensitive information such as login credentials and file transfers over FTP.

- **Command used:**
```bash
sudo apt install ssl-cert
```
By enabling SSL, services like FTP and web servers can encrypt traffic, preventing eavesdropping and data tampering during transmissions.

## VirtualBox Network Configuration
Though not a software package, VirtualBox network settings are critical for configuring virtual machines on the **Ubuntu Server Workspace**. The network adapter was set to **Bridged Mode**, which allows the VM to obtain an IP address and be accessible on the local network. Additionally, **Promiscuous Mode** was set to **Allow All**, enabling network monitoring and packet capturing from the virtual machine.
- **Settings applied:**
- Adapter 1: **Bridged Adapter**
- Promiscuous Mode: **Allow All**
- MAC Address: Configured automatically
These network configurations are vital for providing services such as SSH and FTP, ensuring the VM has proper network connectivity and can communicate externally.

## Checking Ports and Services
To ensure that the LDAP service (and other services like SSH and FTP) are running correctly and listening on the appropriate ports, two utilities were used: **lsof** and **netstat**.

### Checking LDAP Ports with `lsof`
The **`lsof`** command lists open files and the processes that are using them, which is helpful for checking which ports services like **slapd** (LDAP daemon) are using.

- **Command used:**
```bash
sudo lsof -i -P -n | grep slapd
```
This command shows that **slapd** is listening on **port 389** (the default LDAP port) for both IPv4 and IPv6 connections, confirming that the LDAP service is running and ready to accept connections.

### Checking Open Ports with `netstat`
The **`netstat`** command displays active connections, routing tables, interface statistics, and open ports. It can be used to verify that the necessary ports are open and listening for connections.
- **Command used:**

```bash
sudo netstat -tuln | grep :389
```
This output confirms that **port 389** is open and listening for both IPv4 and IPv6 traffic, validating that the LDAP service is available and functional.
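Review bot: The "FTP Service (vsftpd)" section states that vsftpd "provides secure and encrypted file transfer capabilities" once installed, but the commands shown only install the package and open 20/tcp and 21/tcp, and nothing in this file turns TLS on. Either add the `vsftpd.conf` TLS settings (`ssl_enable` plus the certificate and key paths) and a firewall rule for the passive port range, or reword the section so readers do not assume plain FTP on port 21 is encrypted. The same applies to "SSL Certificates": installing `ssl-cert` does not by itself enable TLS for any service. Two smaller points: "Checking Ports and Services" confirms slapd only on port 389, which is unencrypted LDAP, so the document should say whether StartTLS or `ldaps` is expected for a server the introduction describes as production; and Promiscuous Mode "Allow All" on a bridged adapter lets the VM see other hosts' traffic on the LAN segment, so it should be limited to the period when packet capture is actually needed. The SSH section also says "once installed" without showing an install command.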