Inventory of incidents detected

SYSTEM LOG SERVICE
Incidents:
1. Error “No route to host” in rsyslog: The client could not connect to the rsyslog server. Solution: Fixed the client IP addressing.
2. Rejection of connections to port 514: The firewall was blocking port 514, which rsyslog needs. Solution: Opened TCP and UDP ports 514 with firewall-cmd.
ERRORS WHEN CREATING THE … Read more

FAQ

1. Why configure two DNS servers? One DNS server can act as primary and the other as secondary, to guarantee redundancy and resilience if one fails. They can also have separate functions: one for internal names and the other for external names.
2. What is the function of the DHCP server that we configure? Automatically assign IP … Read more

Remote access to project teams

Guarantee secure, efficient and native remote access to the project’s various Linux machines (servers and clients).

Options compared

| Remote access system | Integration | Protocol | Security | Requirements | Recommended use |
|---|---|---|---|---|---|
| SSH (OpenSSH) | Native | SSH | High | None extra | Control via terminal |
| Cockpit | Optional | HTTPS | High | Port 9090 and browser | Graphical management |
| VNC (TigerVNC, etc.) | Optional | VNC | Medium | Active GUI … | |

Read more

Assembly and configuration of the team’s physical router

Let’s edit this file: nano /etc/network/interfaces

/etc/network/interfaces (it’s a Debian server). Several interfaces are configured:
enp0s2: Alternative fixed IP (172.25.201.10)
enp1s0: Own IP (10.90.90.95)
VLANs over enp1s0:
VLAN 10 (Production): 192.168.10.1/27
VLAN 20 (Administration): 192.168.20.1/28
VLAN 30 (Guests): 192.168.50.1/29
VLAN 40 (Backup): 192.168.40.1/26
Each VLAN makes use of vlan-raw-device enp1s0. It … Read more

Configuration of VLANs in the switch

Change the switch IP to place it in the ADM VLAN

Ports configuration

| VLAN ID | Name | Ports without tag (Untagged) | Ports with tag (Tagged) |
|---|---|---|---|
| 10 | production | eth2 | eth1 |
| 20 | Admins | eth3, eth7 | eth1 |
| 30 | guests | eth4 | eth1 |
| 40 | Backups | eth5 | eth1 |

Switch configuration

Traffic management to LAN

Allow established and related connections
iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
Administration (VLAN 20) can access everything
iptables -A FORWARD -s 192.168.20.0/28 -j ACCEPT
Production (VLAN 10) can only access the Internet and servers as needed
iptables -A FORWARD -s 192.168.10.0/27 -o enp0s3 -j ACCEPT
Guests (VLAN 30) can only access the … Read more

Traffic management to DMZ

Since we want to control everything that reaches the DMZ, we put:
iptables -P FORWARD DROP
This means that no VLAN can talk to the DMZ unless we specifically tell it to.
Rules consistent with the policy
1. Administration can access the entire DMZ (for server management)
iptables -A FORWARD -s 192.168.20.0/28 -d 192.168.10.0/27 -j … Read more
