Homework 3
Due Date: 2026-03-13 23:59:59
Submission: via GitLab repo
Introduction
Let’s add some useful services to our lab environment! For this assignment, we will be adding a VPN server to our Ubuntu system. Right behind the firewall is a typical location for a VPN server. This will allow us to access our lab environment from anywhere in the world (kinda sorta).
Tasks
These are high-level requirements, not guidance on the steps to use.
- Create templates for both FreeBSD and Ubuntu in Proxmox. You can do this from the command line or the Proxmox web interface. Document the process in your hw3.md file.
- Write a Terraform script that will deploy a FreeBSD VM and two Ubuntu VMs to your Proxmox server. You should be able to run this script to create the VMs. Document the process in your hw3.md file.
- Write Ansible playbooks that will configure the FreeBSD VM as a bastion host and configure the two Ubuntu VMs, splitting services between them. You should be able to run these playbooks to configure the VMs. The playbooks should also cover the services listed below. Document the process in your hw3.md file.
- Install a containerized WireGuard server on one of the Ubuntu systems. Document the installation and configuration in your hw3.md file.
- Add to your docker-compose.yml file the service that will start your VPN.
- Verify that you can connect to this VPN endpoint. Document the configuration in your hw3.md file.
- Install a containerized Wazuh to provide security monitoring. You want the “all-in-one” version, but you’ll also want to install an agent on the FreeBSD system to monitor logs. Document the installation and configuration in your hw3.md file.
- Static application security testing (SAST) is a method of testing an application for security vulnerabilities by examining the source code. Some of the most popular tools for this are SonarQube, Snyk, and Semgrep. Install one of the SAST tools on your Ubuntu system and run it against a project of your choosing. Document your process and progress in your hw3.md file.
- Dynamic application security testing (DAST) is a method of testing an application for security vulnerabilities by examining the application in its running state. GVM is a popular open source tool for this. Install GVM on your Ubuntu system and run it against all of your systems. Document your progress in your hw3.md file.
Keep in mind that this might require additional firewall rules on your bastion host (and correspondingly in your Proxmox nftables.conf file). Document these in your hw3.md file.
Submission
Once you have completed the above, you should have a markdown file in your repo called hw3/hw3.md that contains all the above requested information. Commit and push this to your repo. Also commit and include the requested screenshots. Once you have done this, you can consider the assignment submitted.