sysadmin

Homework 4 Due Date: 2023-12-01 23:59:59 Submission: via GitLab repo

Introduction

Let’s add some useful services to our lab environment! For this assignment, we will be adding a VPN server to our Ubuntu system. Right behind the firewall is a typical location for a VPN server. This will allow us to access our lab environment from anywhere in the world.

Tasks

These are high-level requirements, not guidance on the steps to use.

  1. Install a containerized Wireguard server. Document the installation and configuration in your hw4.md file.
  2. Add to your docker-compose.yml file that will start your VPN. Document the configuration in your hw4.md file.
  3. Verify that you can connect to this VPN endpoint. Document the configuration in your hw4.md file.
  4. Install a containerized Wazuh to provide security monitoring. You want the “all-in-one” version, but you’ll also want to install an agent on the FreeBSD system to monitor logs. Document the installation and configuration in your hw4.md file.
  5. Install a gitlab instance on your ubuntu system. This should be fully containerized and added to your docker-compose.yml file. Document the installation and configuration in your hw4.md file.

  6. Install a dockerized, self-hosted bitwarden instance. You aren’t required to make use of it, but it needs to be there. This will allow you to keep all your passwords in one place – that you control. Configuration files should live on a mapped volume. Document the installation and configuration in your hw4.md file. Keep in mind, this might require additional firewall rules to be added to your bastion host. Document these in your hw4.md file.

  7. Static application security testing (SAST) is a method of testing an application for security vulnerabilities by examining the source code. Some of the most popular tools for this are SonarQube, Snyk, and SemGrep. Install one of the SAST tools on your Ubuntu system and run it against a project of your choosing. Document your process and progress in your hw4.md file.

  8. Dynamic application security testing (DAST) is a method of testing an application for security vulnerabilities by examining the application in its running state. GVM is a popular open source tool for this. Install GVM on your Ubuntu system and run it against both of your systems. Document your progress in your hw4.mdfile.

Submission

Once you have completed the above, you should have a markdown file in your repo called hw4/hw4.md that contains all the requested information above. Commit and push this to your repo. Also commit and include the requested screenshots. Once you have done this, you can consider the assignment submitted.