Homework 2
Due Date: 2025-07-14 23:59:59
Submission: via GitLab repo
Introduction
This homework is intended to give you some experience modifying firewall rules by hand, as well as integrating suricata into your bastion host environment.
Tasks
- Modify the local ssh server on the firewall to move it to a different port for management purposes – this means on the FreeBSD system. Document the changes in your hw2.md file. Remember, the port forward you created for virtualbox is what points to your FreeBSD system on port 22 currently. You won’t change that. You’ll change what’s on the FreeBSD system itself. You can use any port you like, but it should not be port 22. For example, you could use port 2222 or 22222. Make sure to update your firewall rules accordingly to allow traffic on the new port.
- Create a firewall rule that will forward ssh traffic from bastion host port 22 to your Ubuntu system port 22. Document your entire ruleset in your hw2.md file. This means, as above, that you’ll have two port forwards in place.
  - One that forwards traffic from the outside world to your FreeBSD system on port 22.
  - Another that forwards traffic from your FreeBSD system on port 22 to your Ubuntu system on port 22.
  - You should also ensure that the firewall rules are set up to allow traffic on the new ssh port you configured in step 1.
- Install suricata on your bastion host. Have it load at boot time so that it’s actively protecting your network. Document installation, configuration, and testing in your hw2.md file. You will need to modify the suricata configuration file! It is large!
  - When you install suricata, make sure to pay attention to the messages that appear during installation! Configuration is required!
  - Make sure to run suricata-update to download the latest rules. AND enable them!
  - Hint: look at the netmap section in the suricata documentation to enable inline protection.
  - Configure suricata to log alerts and events to a file, and ensure that it is running in IPS mode.
  - Test suricata by generating some traffic that it should alert on, such as a simple port scan or an attempt to access a known vulnerable service.
- Ensure suricata can protect against SMBGhost attacks. Document this in your hw2.md file.
In the end, you should have documentation that will allow you to recreate your environment from scratch, including all firewall rules and suricata configuration. This will come in handy later…
A shell script that handles much of the above is also required. This script should be in your repo, and should be called hw2.sh. This script should be able to be run on a fresh install of FreeBSD, and should be able to configure the system to match your environment. You should ensure this script can run multiple times without error.
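One way to meet the run-multiple-times requirement when changing the ssh port, shown as an added example that is not course-provided code: a helper that edits an sshd_config-style file so that a second run changes nothing. The function name set_directive, the demo function, and the sample file content are assumptions made for illustration; port 2222 is the example port from the task list.

```sh
#!/bin/sh
# Added example, not course-provided code. Sample content is constructed.

# set_directive FILE KEY VALUE
# Leaves exactly one active "KEY VALUE" line in an sshd_config-style file:
# replaces the first active or commented-out default ("#Port 22"), drops
# duplicates, and otherwise inserts before the first Match block (or at EOF).
set_directive() {
    file=$1; key=$2; value=$3
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    awk -v k="$key" -v v="$value" '
        {
            line = $0
            commented = sub(/^[ \t]*#[ \t]*/, "", line)   # 1 if line was a comment
            sub(/^[ \t]+/, "", line)
            n = split(line, f, /[ \t]+/)
            word = tolower(f[1])
            # Active KEY line, or a commented default of the form "#KEY value"
            if (word == tolower(k) && (!commented || n == 2)) {
                if (!seen) { print k " " v; seen = 1 }
                next
            }
            # Global options must precede any Match block
            if (word == "match" && !commented && !seen) { print k " " v; seen = 1 }
            print
        }
        END { if (!seen) print k " " v }
    ' "$file" > "$tmp" || { rm -f "$tmp"; return 1; }
    # Rewrite only on change, so a second run is a no-op (keeps owner and mode)
    cmp -s "$file" "$tmp" || cat "$tmp" > "$file"
    rm -f "$tmp"
}

# Constructed sample resembling a stock sshd_config; run twice to show idempotence.
demo() {
    cfg=$(mktemp) || return 1
    printf '%s\n' '# Port is documented in sshd_config(5)' '#Port 22' \
        'PermitRootLogin no' 'Match User backup' '    X11Forwarding no' > "$cfg"
    set_directive "$cfg" Port 2222
    set_directive "$cfg" Port 2222
    cat "$cfg"; rm -f "$cfg"
}
demo
```

The helper uses awk and a temporary file rather than sed -i, because the -i option takes different arguments on FreeBSD and GNU sed. Appending a line with echo on every run would instead accumulate duplicate Port entries.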
Submission
Once you have completed the above, you should have a markdown file in your repo called hw2/hw2.md that contains all the requested information above. Commit and push this to your repo. Also commit and include the requested screenshots. Once you have done this, you can consider the assignment submitted.