
Homework 4

Due Date: 2025-08-06 23:59:59
Submission: via GitLab repo

Introduction

Let’s add some useful services to our lab environment! For this assignment, we will be adding a VPN server to our Ubuntu system. Right behind the firewall is a typical location for a VPN server. This will allow us to access our lab environment from anywhere in the world (kinda sorta).

Except, there’s a twist! We will be moving our VMs from local machines to a Proxmox server. Each of you will receive (or have received) an assigned server living in FAB 140 (the Systems and Security Lab, next to the fishbowl). We will be using Terraform to deploy VMs to this server, and we will be using Ansible to configure the VMs. This will allow us to easily deploy and manage our lab environment.

Tasks

These are high-level requirements, not guidance on the steps to use.

  1. Create templates for both FreeBSD and Ubuntu in Proxmox. You can do this from the command line or the Proxmox web interface. Document the process in your hw4.md file.
  2. Write a Terraform script that will deploy a FreeBSD VM and two Ubuntu VMs to your Proxmox server. You should be able to run this script to create the VMs. Document the process in your hw4.md file.
  3. Write Ansible playbooks that will configure the FreeBSD VM as a bastion host, and the two Ubuntu VMs, splitting services between them. You should be able to run these playbooks to configure the VMs. These should include the below services as well. Document the process in your hw4.md file.
  4. Install a containerized WireGuard server on one of the Ubuntu systems. Document the installation and configuration in your hw4.md file.
  5. Add a service to your docker-compose.yml file that will start your VPN.
  6. Verify that you can connect to this VPN endpoint. Document the configuration in your hw4.md file.
  7. Install a containerized Wazuh to provide security monitoring. You want the “all-in-one” version, but you’ll also want to install an agent on the FreeBSD system to monitor logs. Document the installation and configuration in your hw4.md file.

    Keep in mind, this might require additional firewall rules to be added to your bastion host. Document these in your hw4.md file.

  8. Static application security testing (SAST) is a method of testing an application for security vulnerabilities by examining the source code. Some of the most popular tools for this are SonarQube, Snyk, and Semgrep. Install one of the SAST tools on your Ubuntu system and run it against a project of your choosing. Document your process and progress in your hw4.md file.

  9. Dynamic application security testing (DAST) is a method of testing an application for security vulnerabilities by examining the application in its running state. GVM is a popular open-source tool for this. Install GVM on your Ubuntu system and run it against all of your systems. Document your progress in your hw4.md file.

Submission

Once you have completed the above, you should have a markdown file in your repo called hw4/hw4.md that contains all the above requested information. Commit and push this to your repo. Also commit and include the requested screenshots. Once you have done this, you can consider the assignment submitted.