
Homework 2

Due Date: 2026-02-23 23:59:59
Submission: via GitLab repo

Introduction

This homework is intended to give you some experience modifying firewall rules by hand, integrating suricata into your bastion host environment, and adding containerized services to your Ubuntu system.

Tasks

  1. On FreeBSD:
    1. Install suricata on your bastion host. Have it load at boot time so that it’s actively protecting your network. Document installation, configuration, and testing in your hw2.md file. You will need to modify the suricata configuration file! It is large!
      • When you install suricata, make sure to pay attention to the messages that appear during installation! Configuration is required!
      • Make sure to run suricata-update to download the latest rules, AND enable them!
      • Hint: look at the netmap section in the suricata documentation to enable inline protection.
      • Configure suricata to log alerts and events to a file, and ensure that it is running in IPS mode.
      • Test suricata by generating some traffic that it should alert on, such as a simple port scan or an attempt to access a known vulnerable service.
    2. Ensure suricata can protect against SMBGhost attacks. Document this in your hw2.md file.
    3. In the end, you should have documentation that will allow you to recreate your firewall environment from scratch, including all firewall rules and suricata configuration. This will come in handy later…
    4. A shell script that handles much of the above is also required. This script should be in your repo, and should be called hw2.sh. This script should be able to be run on a fresh install of FreeBSD, and should be able to configure the system to match your environment. You should ensure this script can run multiple times without error.
  2. On Ubuntu:
    1. Install a containerized samba server on your Ubuntu machine. This should be configured to share a directory on your Ubuntu machine via a mapped volume in your container. This directory should be accessible from your host machine, at the IP address of the gateway. You should be writing your own Dockerfile for this one. Document the installation and configuration in your hw2.md file.
    2. Install a containerized Pi-hole DNS server on your Ubuntu machine. Document the installation and configuration in your hw2.md file.
    3. Create a docker-compose.yml file that will start both of these containers. Document the configuration in your hw2.md file. Include your compose file in your repo as well.
    4. Ensure any needed firewall rules are in place!
    5. Document everything that you did in the hw2.md file.
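
Task 1.4 requires that hw2.sh run multiple times without error. The following is an added example, not part of the original assignment or a reference solution, showing one way to make file edits idempotent and to check that a step really is; all function names are hypothetical.

```sh
#!/bin/sh
# Added example: idempotency helpers for a provisioning script such as hw2.sh.
# Each helper takes the target file as an argument, so it can be exercised on
# a scratch copy before it is pointed at /etc/rc.conf or a real config file.

# set_kv FILE KEY VALUE: leave exactly one line KEY="VALUE" in FILE.
# KEY is assumed to be a plain identifier (letters, digits, underscore).
set_kv() {
    file=$1 key=$2 value=$3
    [ -f "$file" ] || : > "$file"
    want="${key}=\"${value}\""
    # Already present exactly once with the right value: change nothing.
    if [ "$(grep -c "^${key}=" "$file")" = 1 ] && grep -qxF -- "$want" "$file"; then
        return 0
    fi
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    # Drop every existing assignment of KEY, then append the wanted one.
    sed "/^${key}=/d" "$file" > "$tmp"
    printf '%s\n' "$want" >> "$tmp"
    # Write back through the original inode so mode and ownership survive.
    cat "$tmp" > "$file"
    rm -f "$tmp"
}

# ensure_line FILE LINE: append LINE only if an identical line is missing.
ensure_line() {
    file=$1 line=$2
    [ -f "$file" ] || : > "$file"
    grep -qxF -- "$line" "$file" || printf '%s\n' "$line" >> "$file"
}

# naive_append FILE LINE: the non-idempotent pattern, kept for contrast.
naive_append() {
    printf '%s\n' "$2" >> "$1"
}

# unchanged_on_rerun FILE CMD [ARGS...]: run CMD, snapshot FILE, run CMD
# again; succeed only if the rerun exits 0 and FILE is byte-identical.
unchanged_on_rerun() {
    chk_file=$1; shift
    "$@" || return 1
    chk_snap=$(mktemp) || return 1
    cp "$chk_file" "$chk_snap"
    chk_rc=0
    "$@" && cmp -s "$chk_file" "$chk_snap" || chk_rc=1
    rm -f "$chk_snap"
    return "$chk_rc"
}
```

On FreeBSD, sysrc already gives this behaviour for rc.conf; the helpers show the same pattern for files it does not manage.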

Submission

Once you have completed the above, you should have a markdown file in your repo called hw2/hw2.md that contains all the requested information above. Commit and push this to your repo. Also commit and include the requested screenshots. Once you have done this, you can consider the assignment submitted.