Repository for a project of the course EP2520 Building Networked Systems Security

Overview

EP2520_ACME_Project

Repository for a project of the course EP2520 Building Networked Systems Security in Royal Institute of Technology (KTH), Stockholm.

VM1

This VM is used as a VPN access server. And there is an intrusion detection for interface enp0s3.
For IDS, you can just copy the etc folder in your VM and use the command:

  • sudo snort -A console -i eth0 -u snort -g snort -c /etc/snort/snort.conf

to start. You need to change eth0 to the interface you want to listen to. And you need to change ipvar HOME_NET server_public_ip/32 in the /etc/snort/snort.conf file to the network addresses you are protecting. You can add more rules by editing the /etc/snort/rules/local.rules file. The log will show in the terminal.
For VPN, you can configure your own one by following the guide from the reference of Documentation which shows each detail in how to use OpenVPN to set up a VPN access server and how to get an *.ovpn file for clients. But before that, you need to build a CA and produce a private key and self-signature certification for the server. And to make your configuration work, you need to set static routes and port forwarding. For more details, please reffer to:
https://openvpn.net/quick-start-guide/
https://openvpn.net/linux-video-tutorials/
https://openvpn.net/vpn-server-resources/site-to-site-routing-explained-in-detail/

VM2

The Web server and the FreeRadius server are set up on VM2.
To set up the Web server, Apache2, MySQL, and PHP should be installed first. The file /etc/apache2/sites-available/fosslinuxowncloud.com.conf is the new virtual host file, which needs to be enabled to replace the default file:

  • sudo a2dissite 000-default.conf
  • sudo a2ensite fosslinuxowncloud.com.conf
  • sudo systemctl restart apache2

As for the MySQL setting, you should create a new database and a new user.

  • create database your_database_name
  • create user 'your_user_name'@'localhost' identified BY 'QB35JaFV6A9=BJRiT90'
  • grant all privileges on your_database_name.* to your_user_name@localhost

Having configured Apache2 and MySQL correctly, open the browser and visit the IP address of localhost to register an admin account. For more details, please refer to:
https://www.fosslinux.com/8797/how-to-install-and-configure-owncloud-on-ubuntu-18-04-lts.htm

The main config files of the FreeRadius server are already contained. We mainly modify or create three files:

  • /etc/freeradius/3.0/mods-available/eap
  • /etc/freeradius/3.0/sites-enabled/mynetwork
  • /etc/freeradius/3.0/clients.cnf

Remember to configure the router which needs to be the FreeRadius client, modifying the encryption method to “WPA(2)-EAP”. We also have created our own certificates files in:

  • /etc/freeradius/3.0/certs/

To generate new user certificates, just modify the client.cnf in this directory according to the actual situation of users.

[ req ]
…...
default_bits = 4096
distinguished_name = client
input_password = user_password
output_password = user_password
…...

[client]
countryName = ...
stateOrProvinceName = ...
localityName = ...
organizationName = ...
emailAddress = ...
commonName = ...

After modifying the config, run the following command to generate client certificates. Distribute the second certificate to Android mobile phone users.

  • make client.pem
  • make client_android.p12

To start the FreeRadius server, run:

  • freeradius -X

If everything works correctly, “Ready to process requests” will be shown. Then connect Wifi using the Android mobile phone and attaching the user certificate, and the connection can be created.For more details, please refer to:
https://www.ossramblings.com/RADIUS-3.X-Server-on-Ubuntu-14.04-for-WIFI-Auth

VM3

VM3 will be used to serve as a VPN client and a gateway. To run this client, we have already created this client file named LondonClient.conf. We have also enabled IP forwarding by modifying the /etc/sysctl.conf file. You can simply copy the etc folder and replace it in your VM. Then reboot the VM.
For configuration details, please refer to:
https://openvpn.net/vpn-server-resources/site-to-site-routing-explained-in-detail/

You might also like...
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications
A Static Analysis Tool for Detecting Security Vulnerabilities in Python Web Applications

This project is no longer maintained March 2020 Update: Please go see the amazing Pysa tutorial that should get you up to speed finding security vulne

HTTP security headers for Flask

Talisman: HTTP security headers for Flask Talisman is a small Flask extension that handles setting HTTP headers that can help protect against a few co

Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells
Vulnerability Scanner & Auto Exploiter You can use this tool to check the security by finding the vulnerability in your website or you can use this tool to Get Shells

About create a target list or select one target, scans then exploits, done! Vulnnr is a Vulnerability Scanner & Auto Exploiter You can use this tool t

Tools to make working the Arch Linux Security Tracker easier

This is a collection of Python scripts to make working with the Arch Linux Security Tracker easier.

Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO
Writeups for wtf-CTF hosted by Manipal Information Security Team as part of Techweek2021- INCOGNITO

wtf-CTF_Writeups Table of Contents Table of Contents Crypto Misc Reverse Pwn Web Crypto wtf_Bot Author: Madjelly Join the discord server!You know how

GitHub Advance Security Compliance Action

advanced-security-compliance This Action was designed to allow users to configure their Risk threshold for security issues reported by GitHub Code Sca

evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.
evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files.

Introduction evtx-hunter helps to quickly spot interesting security-related activity in Windows Event Viewer (EVTX) files. It can process a high numbe

Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app.

django-permissions-policy Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app. Requirements Python 3.

EMBArk - The firmware security scanning environment

Embark is being developed to provide the firmware security analyzer emba as a containerized service and to ease accessibility to emba regardless of system and operating system.

Owner
null
Security audit Python project dependencies against security advisory databases.

Security audit Python project dependencies against security advisory databases.

null 52 Dec 17, 2022
A python script to turn Ubuntu Desktop in a one stop security platform. The InfoSec Fortress installs the packages,tools, and resources to make Ubuntu 20.04 capable of both offensive and defensive security work.

infosec-fortress A python script to turn Ubuntu Desktop into a strong DFIR/RE System with some teeth (Purple Team Ops)! This is intended to create a s

James 41 Dec 30, 2022
Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Security-TXT is a python package for retrieving, parsing and manipulating security.txt files.

Frank 3 Feb 7, 2022
RedTeam-Security - In this repo you will get the information of Red Team Security related links

OSINT Passive Discovery Amass - https://github.com/OWASP/Amass (Attack Surface M

Abhinav Pathak 5 May 18, 2022
Course: Information Security with Python

Curso: Segurança da Informação com Python Curso realizado atravès da Plataforma da Digital Innovation One Prof: Bruno Dias Conteúdo: Introdução aos co

Elizeu Barbosa Abreu 1 Nov 28, 2021
This project is all about building an amazing application that will help users manage their passwords and even generate new passwords for them

An amazing application that will help us manage our passwords and even generate new passwords for us.

null 1 Jan 23, 2022
This is a repository filled with scripts that were made with Python, and designed to exploit computer systems.

PYTHON-EXPLOITATION This is a repository filled with scripts that were made with Python, and designed to exploit computer systems. Networking tcp_clin

Nathan Galindo 1 Oct 30, 2021
Bandit is a tool designed to find common security issues in Python code.

A security linter from PyCQA Free software: Apache license Documentation: https://bandit.readthedocs.io/en/latest/ Source: https://github.com/PyCQA/ba

Python Code Quality Authority 4.8k Dec 31, 2022
Safety checks your installed dependencies for known security vulnerabilities

Safety checks your installed dependencies for known security vulnerabilities. By default it uses the open Python vulnerability database Safety DB, but

pyup.io 1.4k Dec 30, 2022