diff --git a/.DS_Store b/.DS_Store index 0cb8e8d..b98dabe 100644 Binary files a/.DS_Store and b/.DS_Store differ diff --git a/.obsidian/workspace.json b/.obsidian/workspace.json index b790064..bcf711a 100644 --- a/.obsidian/workspace.json +++ b/.obsidian/workspace.json @@ -37,7 +37,7 @@ "state": { "type": "markdown", "state": { - "file": "diary/2025-05-12.md", + "file": "diary/2025-05-13.md", "mode": "source", "source": true, "backlinks": true, 
@@ -52,83 +52,11 @@ } }, "icon": "lucide-file", - "title": "2025-05-12" - } - }, - { - "id": "86c29268ca41e5b5", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/ssr/20250508-Zertifikate-einspielen.md", - "mode": "source", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "20250508-Zertifikate-einspielen" - } - }, - { - "id": "9561e0ce96909fdd", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/patryk-projekt/202503012-initial.md", - "mode": "source", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "202503012-initial" - } - }, - { - "id": "9700bd7cccc0bbf4", - "type": "leaf", - "state": { - "type": "markdown", - "state": { - "file": "projects/patryk-projekt/20250512-gemma-planning.md", - "mode": "preview", - "source": true, - "backlinks": true, - "backlinkOpts": { - "collapseAll": false, - "extraContext": false, - "sortOrder": "alphabetical", - "showSearch": false, - "searchQuery": "", - "backlinkCollapsed": false, - "unlinkedCollapsed": true - } - }, - "icon": "lucide-file", - "title": "20250512-gemma-planning" + "title": "2025-05-13" } } ], - "currentTab": 4 + "currentTab": 1 } ], "direction": "vertical" 
@@ -304,16 +232,20 @@ "templater-obsidian:Templater": false } }, - "active": "9700bd7cccc0bbf4", + "active": "b865e0663684cf60", "lastOpenFiles": [ - "projects/patryk-projekt/202503012-initial.md", - "projects/ssr/20250508-Zertifikate-einspielen.md", "projects/patryk-projekt/20250512-gemma-planning.md", - "projects/patryk-projekt/20250319-projekt-berschreibung.md", + "projects/patryk-projekt/202503012-initial.md", + "diary/2025-05-13.md", + "projects/ssr/20250508-Zertifikate-einspielen.md", + "projects/sbx/sbx-lab-network.md", "diary/2025-05-12.md", + "projects/OPNsense/STANDARDS/possible-impovements.md", + "projects/discopharma/20250320-manual-project.md", + "projects/patryk-projekt/20250512-gemma-planning.tex", + "projects/patryk-projekt/20250319-projekt-berschreibung.md", "diary/2025-05-09.md", "diary/2025-05-08.md", - "projects/OPNsense/STANDARDS/possible-impovements.md", "projects/OPNsense/STANDARDS/Monthly-Time.md", "projects/OPNsense/STANDARDS/Feature-Capability.md", "projects/sbx/meetings/20250506-saulius-meetup.md", @@ -330,11 +262,8 @@ "projects/sbx/manuals/Sophos-SG_PPPoE-data.md", "projects/w&h-Projekt/20250430-ap-in-garten.md", "diary/2025-04-29.md", - "projects/kwa/firewall_migration/20250317_first-meeting.md", "projects/w&h-Projekt", - "diary/2025-04-30.md", "projects/OPNsense/Schulungen/Untitled", - "projects/OPNsense/unknown/opnsense-proposal-draft.md", "projects/OPNsense/STANDARDS", "projects/OPNsense/unknown", "archive/APSA", @@ -342,7 +271,6 @@ "projects/win10_2_win11", "projects/sbx/manuals", "projects/ssr/202504-4architekten", - "projects/sbx/firewall-std", "files/discopharma/discopharma-infra.drawio.png" ] } \ No newline at end of file diff --git a/diary/2025-05-12.md b/diary/2025-05-12.md index 932ba78..85bfd34 100644 --- a/diary/2025-05-12.md +++ b/diary/2025-05-12.md 
@@ -17,6 +17,7 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - [ ] Firewall Migration - mache Termin mit ssr aus. frage nina vorher ob noetig - [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13 - [ ] Domaenen umziehen +- [ ] m365 migration: Max sein Thema ### Todo @@ -27,7 +28,14 @@ $i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\ - 09:00 - 09:30: Gespraech mit Patryk, Kaffee machen, Sortieren, Planen - 09:30 - 10:00: Ticketpflege - 10:00 - 10:15: Pause -- 10:15 - 10:45: Patryk Projekt Planung +- 10:15 - 11:00: Patryk Projekt Planung +- 11:00 - 11:30: blocherer schule. AP nicht angebunden +- 11:45 - 12:45: Pause +- 13:15 - 14:15: Meeting mit Patryk +- 14:15 - 14:30: Nina schreiben wegen der Firewall Migration +- 14:30 - 14:45: Wazuh Installationsmethode lernen +- 14:45 - 15:15: SSR Zertifikate einspielen, Zertifikate Format anpassen und Passwortschutz entfernen +- 15:15 - 17:15: Patryk: Wazuh Server installieren und VM fuer Wazuh Agent installieren, Win11 Test VM fuer Patryk installieren, Wazuh testweise anschauen ## todo diff --git a/diary/2025-05-13.md b/diary/2025-05-13.md new file mode 100644 index 0000000..29602ed --- /dev/null +++ b/diary/2025-05-13.md 
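Review bot: The 14:45 entry in the second hunk records that the password protection was removed from the SSR certificate/key bundle for the import, but not where the now-unencrypted private key ended up or whether the intermediate copies were deleted. An unprotected private key left in a download folder, a mail attachment or this vault is as good as a compromised certificate, so the diary should carry the follow-up, e.g. `- [ ] unverschluesselten Key nach dem Import loeschen, Ablage nur mit restriktiven Rechten` under "SSR offene Themen". The same line is copied verbatim into the 2025-05-13 diary in this commit, so whichever file gets the follow-up should be the one that is actually worked from.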
@@ -0,0 +1,64 @@ +$i\hbar \frac{\partial}{\partial t} \Large{|}\psi \Large{>} = \hat{H} \Large{|}\psi \Large{>}$ + +![important](files/sbx/important.png) + + +### SSR offene Themen + +- [ ] Firewall Migration - mache Termin mit ssr aus. frage nina vorher ob noetig +- [ ] MS Teams nicht mehr unterstuetzt unter MacOS<=13 +- [ ] Domaenen umziehen +- [ ] m365 migration: Max sein Thema + +## Timestamps + +- 08:00 - 08:30: MacOS Update +- 08:30 - 08:45: Gespraech mit Saulius zu seiner Matrix +- 08:45 - 09:15: [x] KWA: Kristina kann kein Ticket erstellen und sie kann einer benoetigten Gruppe nicht beitreten, Pruefe M365 dashboard auf Berechtigungen fuer das Postfach 635, Gespraech mit Michael zu Ninja Agent Fehler +- 09:15 - 09:45: [x] Kontakt zu Kristina Franzl, Postfach einbinden, Test Ticket erstellen +- 09:45 - 10:00: Private Planung +- 10:00 - 11:30: Saulius Matrix und Profil +- 12:00 - 13:00: Pause +- 13:00 - 14:00: SSR zertifikate einspielen: firewall, mail server, filewave, nas/synology, mailstore, ldap server; nas update +- 14:00 - 14:30: Lebenslauf fuer Saulius erweitern +- 14:30 - 14:40: ILo Lizenz bei NeoSphere einspielen fuer ubt03 +- 14:40 - 15:00: Gespraech mit Sebastian +- 15:00 - 15:30: + +## Monday + +- 09:00 - 09:30: Gespraech mit Patryk, Kaffee machen, Sortieren, Planen +- 09:30 - 10:00: Ticketpflege +- 10:00 - 10:15: Pause +- 10:15 - 11:00: Patryk Projekt Planung +- 11:00 - 11:30: blocherer schule. 
AP nicht angebunden +- 11:45 - 12:45: Pause +- 13:15 - 14:15: Meeting mit Patryk +- 14:15 - 14:30: Nina schreiben wegen der Firewall Migration +- 14:30 - 14:45: Wazuh Installationsmethode lernen +- 14:45 - 15:15: SSR Zertifikate einspielen, Zertifikate Format anpassen und Passwortschutz entfernen +- 15:15 - 17:15: Patryk: Wazuh Server installieren und VM fuer Wazuh Agent installieren, Win11 Test VM fuer Patryk installieren, Wazuh testweise anschauen + +## todo + +### General + +- [ ] Liste erstellen aller Projekte, die es gibt und neuem Mitarbeiter vorstellen +- [ ] handout fuer jeweils sophos und opnsense als vergleich + +- [ ] verbraucherzentrale cybercns ueberpruefung - kw ab dem 16.01 wegen baldiger sicherheitspruefung + +- [=] filewave - integrate new admin user - integrated in filewave - need to be tested and then deployed on all macs +- [ ] kwa/ssr snmp karten fuer usv +- [ ] update filewave admin und central + +### SBX + +- [ ] backup on external drive for pve.lab.softbox.net + +- [ ] check if possible to monitor vsphere passwd expiration +- [ ] create obsidian templates (Meetings, People, ) +- [ ] sbx - opsreportcard summary for action plan + +- [ ] fuege bharchitekten zu connectsecure hinzu +- [ ] erstelle connectsecure report fuer grasslfing diff --git a/files/.DS_Store b/files/.DS_Store index 2ee68f2..a04115c 100644 Binary files a/files/.DS_Store and b/files/.DS_Store differ diff --git a/projects/patryk-projekt/20250512-gemma-planning.md b/projects/patryk-projekt/20250512-gemma-planning.md index d2955c9..11e1076 100644 --- a/projects/patryk-projekt/20250512-gemma-planning.md +++ b/projects/patryk-projekt/20250512-gemma-planning.md @@ -1,3 +1,12 @@ +--- +title: "Wazuh - Patryk Chrostowski" +author: Petar Cubela +date: May 12, 2025 +geometry: margin=1.5cm +output: pdf_document +--- + +## Gemma ### USER I am a project supporter for a trainee which is working on his final project. 
diff --git a/projects/patryk-projekt/20250512-gemma-planning.tex b/projects/patryk-projekt/20250512-gemma-planning.tex new file mode 100644 index 0000000..ac83ddb --- /dev/null +++ b/projects/patryk-projekt/20250512-gemma-planning.tex 
@@ -0,0 +1,502 @@ +\subsection{Gemma}\label{gemma} + +\subsubsection{USER}\label{user} + +I am a project supporter for a trainee which is working on his final +project.\\ +The project studies the implementation and evaluation of the open source +security solution, \href{https://documentation.wazuh.com/}{Wazuh}.\\ +\textbf{Study the documentation via a Web Search before answering.} + +The project has to be completed in a time span of two weeks (10 work +days). + +For our hardware base we have a computer with 32 GB of RAM and a strong +enough CPU.\\ +Outline the project planning; this is a template for the project +goals:\\ +1. Implement Wazuh in a test environment. The base infrastructure has to +be build and prepared. (Which OS?, Infrastructure scheme for the Wazuh +agent, manager and alerting systems)\\ +2. Implementation of penetration tests and potential attack scenarios +(brute-force-attacks, port-scanning and exploits and weaknesses)\\ +3. Analysis of Wazuh's reaction. (Real time monitoring and alerting, +automatic defense mechanisms, Logging and Reporting)\\ +4. Optimization of Wazuh and Security policies.\\ +5. Piratical importance and use in the industry + +Think about the time scheduling and difficulties in the project. + +\subsubsection{ASSISTANT}\label{assistant} + +Okay, let's map out a project plan for your trainee's Wazuh final +project. Considering the two-week (10 workdays) timeframe, a Proxmox +base, and the scope you're outlining, we need to be realistic and +prioritize. This outline balances project goals with achievable +milestones within the time constraint. I'll provide a detailed schedule +with estimated time commitments and potential pitfalls. + +\textbf{Overall Strategy:} We're going to aim for a \emph{functional} +implementation with a strong foundation for further exploration. 
We +won't necessarily cover \emph{every} feature of Wazuh in detail, but we +will demonstrate core functionality and build a platform for the trainee +to learn more. Documenting each step thoroughly is crucial, not just for +the project itself, but also for the trainee's learning. + +\textbf{1. Infrastructure \& Base Build (Days 1-2 -- High Priority)} + +\begin{itemize} +\tightlist +\item + \textbf{Operating System Choice:} Ubuntu Server 22.04 LTS is a solid + choice. It's widely supported, has excellent Wazuh compatibility, and + is familiar to many Linux users. Debian is also excellent, but + Ubuntu's larger community and readily available resources often make + troubleshooting easier. +\item + \textbf{Proxmox VM Configuration:} + + \begin{itemize} + \tightlist + \item + \textbf{Manager VM:} Minimum 4GB RAM (6-8GB is better for future + expansion), 2 vCPUs. Allocate enough disk space (50GB+) for logs and + Wazuh data. + \item + \textbf{Agent VM (at least 2-3 for testing):} 2GB RAM is typically + sufficient. Allocate 20-30GB of disk space. + \end{itemize} +\item + \textbf{Infrastructure Scheme:} + + \begin{itemize} + \tightlist + \item + \textbf{Manager (Centralized):} This VM hosts the Wazuh manager + components: \texttt{wazuh-manager}, \texttt{wazuh-logtest}, + \texttt{wazuh-api}, and database (Elasticsearch is standard). + \item + \textbf{Agents (Distributed):} These VMs are the targets of Wazuh + monitoring. They run the \texttt{wazuh-agent} process. Ideally, + these should represent different ``typical'' workloads: a web + server, a database server (if possible), and maybe a desktop + environment. + \item + \textbf{Alerting:} We'll leverage Wazuh's built-in alerting + mechanism (email, Syslog). We're not setting up a dedicated external + SIEM in this timeframe. 
+ \end{itemize} +\item + \textbf{Task Breakdown (Days 1-2):} + + \begin{itemize} + \tightlist + \item + \textbf{Day 1:} Proxmox setup, Manager VM creation \& basic + configuration (network, hostname, time). + \item + \textbf{Day 1.5:} Agent VM creation (at least 2, more if time + allows). + \item + \textbf{Day 2:} Install and configure Wazuh Manager components on + the Manager VM. Initial agent deployment. \emph{Key: Get at least + one agent reporting successfully to the manager.} + \end{itemize} +\end{itemize} + +\textbf{2. Penetration Tests \& Attack Scenarios (Days 3-5 -- Medium +Priority)} + +\begin{itemize} +\tightlist +\item + \textbf{Focus on Fundamentals:} Don't try to do everything. Pick 2-3 + realistic scenarios that demonstrate Wazuh's capabilities. + + \begin{itemize} + \tightlist + \item + \textbf{Scenario 1: Brute-Force SSH:} Simple to execute, + demonstrates authentication monitoring. + \item + \textbf{Scenario 2: Port Scanning (Nmap):} Demonstrates detection of + reconnaissance activity. Make sure the firewall rules don't block + the manager, so Wazuh can detect the scan. + \item + \textbf{Scenario 3: Exploiting a Vulnerable Service (e.g., + vulnerable web server):} Requires more setup but showcases + vulnerability detection (if Wazuh's rules are configured to cover + it, otherwise the goal is to show Wazuh detection and alerting of + unexpected service activity). + \end{itemize} +\item + \textbf{Tools:} Nmap, Hydra (for brute-force), Metasploit (optional + for more complex exploits). +\item + \textbf{Task Breakdown (Days 3-5):} + + \begin{itemize} + \tightlist + \item + \textbf{Day 3:} Set up basic penetration testing environment (tools + installation, initial configuration). Execute SSH brute-force attack + against an agent. + \item + \textbf{Day 4:} Execute port scanning against agents. Begin initial + configuration of Wazuh rules (if time allows, focus on SSH + brute-force and port scanning detection). 
+ \item + \textbf{Day 5:} Execute the vulnerable service exploit (if chosen). + Focus on observing Wazuh's reactions. + \end{itemize} +\end{itemize} + +\textbf{3. Analysis of Wazuh Reaction (Days 5-7 -- High Priority)} + +\begin{itemize} +\tightlist +\item + \textbf{Focus:} Real-time monitoring, alerting effectiveness, log + analysis, and reporting. +\item + \textbf{Metrics:} Time to detection, accuracy of alerts, frequency of + false positives. +\item + \textbf{Tools:} Wazuh dashboard, log files, command-line tools (grep, + less). +\item + \textbf{Task Breakdown (Days 5-7):} + + \begin{itemize} + \tightlist + \item + \textbf{Days 5-6:} Review Wazuh dashboards and logs in real-time + during and after the penetration tests. Analyze the alerts + generated. + \item + \textbf{Day 7:} Generate a basic Wazuh report (daily/weekly summary + of detected events). + \end{itemize} +\end{itemize} + +\textbf{4. Optimization of Wazuh and Security Policies (Days 8-9 -- +Medium Priority)} + +\begin{itemize} +\tightlist +\item + \textbf{Goal:} Reduce false positives, improve detection accuracy, and + tailor Wazuh to the specific environment. +\item + \textbf{Tasks:} Fine-tune Wazuh rules, adjust thresholds, exclude + specific events from monitoring (carefully). +\item + \textbf{Considerations:} This is iterative. Expect to make adjustments + based on observations from the analysis phase. +\item + \textbf{Task Breakdown (Days 8-9):} Review Wazuh's documentation on + rule customization and exclusion. Adjust rules as needed. +\end{itemize} + +\textbf{5. Practical Importance \& Use in the Industry (Day 10 -- Low +Priority/Presentation Prep)} + +\begin{itemize} +\tightlist +\item + \textbf{Research:} Briefly research how Wazuh is used in different + industries (security vendors, cloud providers, etc.). +\item + \textbf{Presentation:} Prepare a short presentation summarizing the + project's findings, demonstrating Wazuh's capabilities, and discussing + its potential benefits. 
+\end{itemize} + +\textbf{Potential Difficulties \& Mitigation:} + +\begin{itemize} +\tightlist +\item + \textbf{Time Constraints:} Prioritize core functionality. Don't try to + cover everything. +\item + \textbf{Wazuh Complexity:} The initial setup can be challenging. Start + with the basics and gradually add complexity. +\item + \textbf{False Positives:} Expected. Requires time and effort to + mitigate. Emphasize the iterative nature of rule tuning. +\item + \textbf{Proxmox Knowledge:} Ensure the trainee has basic familiarity + with Proxmox. +\item + \textbf{Dependency Conflicts:} Occasionally, packages can conflict. Be + prepared to troubleshoot. +\end{itemize} + +\textbf{Important Notes for the Trainee:} + +\begin{itemize} +\tightlist +\item + \textbf{Documentation:} Document every step, including successes and + failures. This is critical for learning. +\item + \textbf{Ask Questions:} Don't hesitate to ask for help. +\item + \textbf{Focus on Understanding:} The goal is to understand how Wazuh + works, not just to get it working. +\item + \textbf{Have Fun!} +\end{itemize} + +To help me refine this plan further, could you tell me: + +\begin{itemize} +\tightlist +\item + What's the trainee's current level of Linux experience? +\item + Has the trainee worked with Proxmox before? +\item + Are there any specific security concepts or vulnerabilities the + project should focus on? +\end{itemize} + +\subsubsection{USER}\label{user-1} + +Write a summary - potentially visual/graphical - which shows the +structure of the chosen setup: proxmox host with several VMs for the +different purposes with taking into account network settings, user +settings and other necessary information. + +Too answer your questions:\\ +- The trainee's Linux experience is medium. 
But he has beginner +knowledge in using the command line as he's doing a course by +\url{https://tryhackme.com/login}\\ +- The trainee has not worked with promxox before, but I would help him +to setup it up.\\ +- The project should focus on security concept important in industry +environments which are usually internal networks. + +\subsubsection{ASSISTANT}\label{assistant-1} + +Okay, let's create a visual summary of the proposed setup, tailored to +the trainee's experience and the focus on internal network security. +I'll present this as a layered description that you can translate into a +diagram (using tools like draw.io, Lucidchart, or even just hand-drawn). +I'll then follow this with considerations for user accounts and +networking. + +\textbf{1. Visual Summary - Layered Diagram Description} + +\emph{(Imagine this as a diagram with layers. We'll describe each layer. +I'm using text to represent visual elements; you or the trainee would +translate this into an actual visual representation).} + +\textbf{Layer 3: Physical Hardware (Base)} + +\begin{itemize} +\tightlist +\item + \textbf{Element:} A box labeled ``Proxmox Host Server'' + + \begin{itemize} + \tightlist + \item + \textbf{Attributes:} ``32GB RAM'', ``Strong CPU'', ``Sufficient + Storage'' + \item + \textbf{Connection:} This is the base of the diagram. 
+ \end{itemize} +\end{itemize} + +\textbf{Layer 2: Virtual Machines (VMs)} + +\begin{itemize} +\tightlist +\item + \textbf{Elements:} Three distinct boxes positioned above the Proxmox + Host: + + \begin{itemize} + \tightlist + \item + \textbf{VM1: ``Wazuh Manager''} + + \begin{itemize} + \tightlist + \item + \textbf{Attributes:} ``4GB RAM (6-8GB Recommended)'', ``2 vCPUs'', + ``50GB+ Disk'' + \item + \textbf{Operating System:} Ubuntu Server 22.04 LTS + \item + \textbf{Services:} \texttt{wazuh-manager}, \texttt{wazuh-logtest}, + \texttt{wazuh-api}, Elasticsearch (for Wazuh data) + \end{itemize} + \item + \textbf{VM2: ``Agent 1 -- Web Server''} + + \begin{itemize} + \tightlist + \item + \textbf{Attributes:} ``2GB RAM'', ``1 vCPU'', ``30GB Disk'' + \item + \textbf{Operating System:} Ubuntu Server 22.04 LTS (or a + simplified web server OS like Alpine Linux for minimal attack + surface -- if appropriate for the trainee's skill level) + \item + \textbf{Services:} Apache/Nginx (minimal web server setup), + \texttt{wazuh-agent} + \end{itemize} + \item + \textbf{VM3: ``Agent 2 -- Database Server''} (Optional -- if time + allows and the trainee is comfortable) + + \begin{itemize} + \tightlist + \item + \textbf{Attributes:} ``2GB RAM'', ``1 vCPU'', ``30GB Disk'' + \item + \textbf{Operating System:} Ubuntu Server 22.04 LTS + \item + \textbf{Services:} MySQL/PostgreSQL (minimal database setup), + \texttt{wazuh-agent} + \end{itemize} + \end{itemize} +\item + \textbf{Connections:} Arrows pointing \emph{upward} from the Proxmox + Host to each VM, indicating virtualization. +\end{itemize} + +\textbf{Layer 1: Logical Network (Overlay)} + +\begin{itemize} +\tightlist +\item + \textbf{Element:} A dotted-line box encompassing all three VMs, + labeled ``Internal Network (192.168.1.0/24)'' -- This is a simplified + private network. 
+\item + \textbf{IP Addresses (Example):} + + \begin{itemize} + \tightlist + \item + Proxmox Host (Management Interface): 192.168.1.10 + \item + Wazuh Manager: 192.168.1.11 + \item + Agent 1 (Web Server): 192.168.1.12 + \item + Agent 2 (Database Server): 192.168.1.13 + \end{itemize} +\item + \textbf{Firewall:} \emph{Crucially}, a simplified representation of a + firewall within the Proxmox Host or on the network itself. This + highlights the need for controlled access. +\end{itemize} + +\textbf{2. User Accounts \& Security} + +\begin{itemize} +\tightlist +\item + \textbf{Proxmox Host:} + + \begin{itemize} + \tightlist + \item + Create a dedicated user account for the trainee (e.g., + \texttt{wazuh-trainee}). Restrict access to the minimum necessary + for managing the VMs. + \item + Enable 2FA (Two-Factor Authentication) for all Proxmox accounts. + \end{itemize} +\item + \textbf{Wazuh Manager VM:} + + \begin{itemize} + \tightlist + \item + Create a dedicated user for the Wazuh manager (e.g., + \texttt{wazuh}). Restrict privileges. + \item + \emph{Important:} Configure SSH access to the manager \emph{only} + with key-based authentication. Disable password authentication. + \end{itemize} +\item + \textbf{Agent VMs:} + + \begin{itemize} + \tightlist + \item + Create a dedicated user for each agent (e.g., \texttt{webuser}, + \texttt{dbuser}). + \item + Restrict user privileges. Use \texttt{sudo} for necessary + administrative tasks. + \item + Disable direct SSH access to the agents if possible (use + \texttt{wazuh-agent} for remote management). + \end{itemize} +\end{itemize} + +\textbf{3. Network Considerations} + +\begin{itemize} +\tightlist +\item + \textbf{Private Network:} Use a private IP address range (e.g., + 192.168.1.0/24, 10.0.0.0/24). +\item + \textbf{DHCP:} Consider a DHCP server for simplified IP assignment. +\item + \textbf{DNS:} Set up a basic DNS server (even just a local one) for + name resolution. 
+\item + \textbf{Firewall Rules:} (This is vital for a secure internal network) + + \begin{itemize} + \tightlist + \item + Allow traffic \emph{between} the VMs necessary for Wazuh monitoring + and agent communication. + \item + Restrict external access to the VMs. For example, only allow SSH + access to the Wazuh Manager from the Proxmox Host. + \end{itemize} +\end{itemize} + +\textbf{Important Notes for the Trainee \& You:} + +\begin{itemize} +\tightlist +\item + \textbf{Documentation is Key:} Document \emph{everything} -- VM + creation, configuration, network settings, user accounts. +\item + \textbf{Security Best Practices:} Reinforce security best practices + throughout the setup process. +\item + \textbf{Gradual Complexity:} Start with the basics and gradually add + complexity as the trainee gains experience. +\item + \textbf{Focus on the ``Why'':} Explain \emph{why} certain + configurations are necessary for security. +\item + \textbf{Testing:} Thoroughly test the setup after each configuration + change. +\end{itemize} + +To tailor this further, could you clarify: + +\begin{itemize} +\tightlist +\item + What level of detail should the trainee document? (e.g., full command + output, just configuration files) +\item + Do you want the trainee to focus on specific security concepts (e.g., + least privilege, defense in depth)? +\end{itemize} diff --git a/projects/sbx/sbx-lab-network.md b/projects/sbx/sbx-lab-network.md index 03dcde6..b676e30 100644 --- a/projects/sbx/sbx-lab-network.md +++ b/projects/sbx/sbx-lab-network.md 
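Review bot: The user-account section tells the trainee to `Disable direct SSH access to the agents if possible (use wazuh-agent for remote management)`, which contradicts Scenario 1 (Hydra brute force over SSH against an agent) and misstates the agent, which ships logs and runs active-response scripts but is not a remote-administration channel; I would rewrite that bullet to keep SSH on the agents with key-only auth and a lab-only firewall rule, and leave one agent with password auth deliberately enabled as the brute-force target. The example network (192.168.1.0/24, manager at .11) also does not match the addresses this same commit assigns in projects/sbx/sbx-lab-network.md (10.11.12.40–42), so one of the two should be corrected before the firewall rules are written. The component list (`wazuh-api`, Elasticsearch) reads like pre-4.x Wazuh — as far as I recall, the 4.x stack folds the API into the manager and ships its own OpenSearch-based indexer — so verify it against the documentation before the trainee builds on it. Since this .tex is a pandoc export of 20250512-gemma-planning.md, the corrections belong in the markdown source, not here.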
@@ -6,14 +6,17 @@ ### Static IPs -| hostname | mac | IP | comment | active | -| -------- | ----------------- | ------------ | --------------------- | ------ | -| gw | | 10.11.12.254 | sophos fw | true | -| dns1 | | 10.11.12.253 | bind master | true | -| dns2 | | 10.11.12.252 | bind slave | true | -| node1 | | 10.11.12.2 | opnsense cluster test | false | -| node2 | | 10.11.12.3 | opnsense cluster test | false | -| vip-wan | | 10.11.12.4 | opnsense cluster test | false | -| drawio | | 10.11.12.20 | opnsense cluster test | false | -| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | true | -| metabase | | 10.11.12.99 | test for discopharma | false | +| hostname | mac | IP | comment | active | +| ------------ | ----------------- | ------------ | ------------------------ | ------ | +| gw | | 10.11.12.254 | sophos fw | true | +| dns1 | | 10.11.12.253 | bind master | true | +| dns2 | | 10.11.12.252 | bind slave | true | +| node1 | | 10.11.12.2 | opnsense cluster test | false | +| node2 | | 10.11.12.3 | opnsense cluster test | false | +| vip-wan | | 10.11.12.4 | opnsense cluster test | false | +| drawio | | 10.11.12.20 | opnsense cluster test | false | +| pve-wazuh | | 10.11.12.40 | patryk test pve | true | +| wazuh-server | | 10.11.12.41 | patryk test wazuh server | true | +| wazuh-win-11 | | 10.11.12.42 | patryk test win11 client | true | +| pxe | BC:24:11:99:2D:8A | 10.11.12.69 | netbbot_xyz | true | +| metabase | | 10.11.12.99 | test for discopharma | false | diff --git a/projects/ssr/20250508-Zertifikate-einspielen.md b/projects/ssr/20250508-Zertifikate-einspielen.md index a2c30ca..5582e9a 100644 --- a/projects/ssr/20250508-Zertifikate-einspielen.md +++ b/projects/ssr/20250508-Zertifikate-einspielen.md 
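Review bot: The three new wazuh rows are marked active but carry no MAC, so it is unclear whether 10.11.12.40–42 are configured statically on the VMs or reserved on the Sophos gateway; an unrecorded static address next to DHCP is how lab IP conflicts start, so either fill the mac column as the pxe row does or note `static on host` in the comment. The Wazuh plan committed alongside this table has the trainee running Hydra, nmap and an exploit against a deliberately vulnerable service from these hosts, and they sit on the same /24 as gw, dns1 and dns2 — if the test VMs have no VLAN or firewall isolation, I would state that (or the rule set that isolates them) in a line under this table before the attack phase starts.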
@@ -1,10 +1,10 @@ ## Services -- [ ] Kerio Control (Firewall) -- [ ] Kerio Connect (Mail Server) -- [ ] Univention LDAP/DNS -- [ ] Synology -- [ ] Mailstore -- [ ] Filewave -- [ ] Projekt Pro \ No newline at end of file +- [ ] Kerio Control (Firewall) --> not good; could die in the process +- [x] Kerio Connect (Mail Server) +- [x] Univention LDAP/DNS (not needed as it seems) +- [x] Synology +- [x] Mailstore +- [x] Filewave +- [x] Projekt Pro (not necessary; caddy in front) \ No newline at end of file
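Review bot: The checklist closes the certificate rollout with Kerio Control left open (`not good; could die in the process`) but records neither the expiry date of the certificate still on the firewall nor when and how it will be replaced — the firewall is the component most likely to be reached from outside, so it will eventually be the one serving an expired or mismatched certificate. I would replace the first line with something like `- [ ] Kerio Control (Firewall) --> riskant; vorher Backup/Snapshot, Wartungsfenster; aktuelles Zertifikat laeuft am <Datum> ab`. The `Univention LDAP/DNS (not needed as it seems)` item is ticked as done on a guess; it deserves a reason (e.g. no LDAPS clients validate the chain) so the next person does not have to re-verify it. Likewise `Projekt Pro (not necessary; caddy in front)` should say whether the Caddy certificate was renewed as part of this work, since that is the one clients actually see.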