Setting Up an Open Source Security Lab with Ubuntu

It's been a while since I had a dedicated Linux server in my home. In the early days of my career, I maintained a small "data centre" in my basement. It included BSD-based network storage via FreeNAS, a Linux Apache MySQL Perl/PHP (LAMP) stack, a Linux-based firewall and directory server, and a Windows domain controller. I spent much time testing my ideas and tinkering with open-source software. Over time, I replaced these machines with commercial off-the-shelf products or moved services to the cloud. Eventually, everything was replaced. This move coincided with my employer at the time outsourcing its network, system administration, and application development. In the back of my mind, I thought it was pointless to learn something and develop a skill that I couldn't use. It's like learning to play a sport but never getting on the field. I improved my "soft" skills, even as some of my hard skills atrophied.

I recently started consulting independently (again) and realised my knowledge needed updating. While it's great to have business skills that clients find essential to help bridge the communication gaps between non-technical and technical staff, I wanted to stay sharp. I also missed my early days in information security when I was responsible for vulnerability management. I wanted back in, especially to develop and hone a penetration testing skillset. It was time to rebuild my lab.

I have two Raspberry Pi (RPi) devices on my home network and two Macs. The Macs run OS X Yosemite, and the RPis run Raspbian. The iMac and MacBook Air are capable workstations but inadequate for a server. The RPi is too underpowered and limited by memory and storage constraints. I installed and configured ownCloud on one of the RPi machines, but the performance was terrible. I spent two days getting ownCloud up and running on the RPi but removed the software and reconfigured the machine after only one day of use. A used server might be a better solution.

Server Hardware

I intended to install open-source security tools, including network and system vulnerability scanning, security and event monitoring, intrusion detection, file integrity monitoring, and configuration management systems. I wanted something powerful enough to handle the software stack with enough storage to install, configure, and test other software. After scouring eBay for a week, I purchased a Dell PowerEdge 1950 server for $160. Information on the Dell PowerEdge:

  • Two Intel Xeon 3.0GHz Dual-Core CPUs
  • 4GB of RAM
  • Two 146GB SAS 15K RPM Hard Drives
  • Dual Power Supplies
  • Dual Gigabit network cards
  • VGA/Serial/USB Ports
  • CD-ROM Drive

When the server arrived -- it was larger and heavier than I expected -- I went to the basement to set up. But... I had no power cords, no keyboard, and no display. Over the years, I was spoiled by Apple products. All Macs ship with a display and a keyboard, except for the Mac mini and Mac Pro. This was a frustrating setback, but a few weeks later I had a power cord, keyboard, and display. An office colleague donated the power cord and keyboard from the excess he had sitting in a drawer. The display, a Dell P1913S, was purchased used from eBay. It has a small tear, but the price, $50, was good for my budget. It supports VGA, HDMI, and DisplayPort. Waiting for and acquiring the peripherals took some time, but I had everything in place last night when I installed Ubuntu. When I booted the device, I noticed a BIOS error. After poking around in the BIOS, I realised that one of the two 146GB drives had failed. I tried rebuilding the drive but failed, so I pulled the drive from the chassis.

Building the Install Media

I intended to install Ubuntu from a flash drive. The general procedure to install Ubuntu from a USB flash drive is:

  • Acquire the correct Ubuntu installation files ('the ISO')
  • Put Ubuntu onto your USB flash drive
  • Configure your computer to boot from a USB flash drive and boot from it
  • Install Ubuntu to your internal drive (hard disk or solid-state drive).

I could download a supported ISO for the Dell PowerEdge 1950 from Canonical's website and use the OS X Disk Utility (DU) app to create a bootable USB. This didn't work. I am trying to understand why. Some Google searches revealed that I first needed to convert the ISO to an IMG file and then do some other things to create a bootable USB flash install on OS X.

:~$ sudo hdiutil convert -format UDRW -o ubuntu-10.04.4-server-amd64.img ubuntu-10.04.4-server-amd64.iso

After converting the ISO, I followed the instructions to burn the IMG to disk. The flash drive imaging was taking forever. I lost my patience after about 20 minutes. I wanted to get started right away. So, while the USB flash drive was being imaged, I tried burning the ISO to DVD with DU. That failed, too. After a few minutes of scratching my head, I burned the IMG I had just created to DVD with DU. This method finished before the USB flash drive was ready—time for the OS install.

[Screenshot: 2015-03-30 20.22.22]

Install the OS

I booted the Dell from the install DVD, answered many questions, and created the root and a standard user account. Once the server booted into Ubuntu, I ensured the SSH daemon was running and sat on the couch with my MacBook Air to complete the initial security configuration. This is one thing I love about UNIX/Linux. Almost anything can be accomplished from the terminal -- remote or local. I used apt to install missing OS patches, but after doing that, I realised I should do an OS release update instead.

:~$ sudo do-release-upgrade

The release upgrade seemed to take forever, but once it was complete, I configured the server firewall using UFW. I remember having to create Linux iptables firewall rules by hand. UFW makes changing the firewall rules trivial. I edited /etc/default/ufw to ensure IPv6 support was enabled (IPV6=yes) and started creating firewall rules. At a minimum, I needed a way to secure remote access to the server and allow web services. From a security perspective, I wanted to follow my practice of "that which is not explicitly allowed is denied". Using UFW, I allowed SSH on port 22 and secure web services on port 443.

:~$ sudo ufw allow ssh
:~$ sudo ufw allow www
:~$ sudo ufw allow 443
:~$ sudo ufw enable
:~$ sudo ufw logging on
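Because the rule set is meant to implement "deny unless explicitly allowed", it is worth checking what UFW actually ended up with against that intent. The following is an added example, not from the original post: a small Python audit of `sudo ufw status verbose` output (the sample text is constructed to mirror the commands above) that flags a non-deny default incoming policy and any inbound ALLOW rule for a port outside the intended set.

```python
"""Audit `ufw status verbose` output against an intended inbound allow-list."""
import re

# Constructed sample of `sudo ufw status verbose`, modelled on the rules
# applied above (allow ssh, allow www, allow 443, logging on, IPv6 enabled).
SAMPLE_STATUS = """\
Status: active
Logging: on (low)
Default: deny (incoming), allow (outgoing), disabled (routed)
New profiles: skip

To                         Action      From
--                         ------      ----
22/tcp                     ALLOW IN    Anywhere
80/tcp                     ALLOW IN    Anywhere
443                        ALLOW IN    Anywhere
22/tcp (v6)                ALLOW IN    Anywhere (v6)
80/tcp (v6)                ALLOW IN    Anywhere (v6)
443 (v6)                   ALLOW IN    Anywhere (v6)
"""

# A rule line is three columns separated by runs of spaces; the header and
# "--" lines fail the uppercase action match and are skipped automatically.
RULE_RE = re.compile(
    r"^(?P<to>\S+(?: \(v6\))?)\s{2,}(?P<action>[A-Z]+(?: IN| OUT)?)\s{2,}(?P<from>.+?)\s*$"
)


def parse_status(text):
    """Return (default_incoming, rules); rules are (port, proto, action, ipv6)."""
    default_in, rules = None, []
    for line in text.splitlines():
        if line.startswith("Default:"):
            m = re.search(r"(\w+) \(incoming\)", line)
            default_in = m.group(1) if m else None
            continue
        m = RULE_RE.match(line)
        if not m:
            continue
        to = m.group("to")
        ipv6 = to.endswith(" (v6)")
        port, _, proto = to.replace(" (v6)", "").partition("/")
        rules.append((port, proto or "any", m.group("action"), ipv6))
    return default_in, rules


def audit(text, intended_ports):
    """Return findings as strings; an empty list means the policy matches intent."""
    default_in, rules = parse_status(text)
    findings = []
    if default_in != "deny":
        findings.append(f"default incoming policy is {default_in!r}, expected 'deny'")
    for port, proto, action, ipv6 in rules:
        if action.startswith("ALLOW") and port not in intended_ports:
            findings.append(f"unexpected inbound allow: {port}/{proto}{' (v6)' if ipv6 else ''}")
    return findings
```

Run against the sample with an intended set of {"22", "443"}, the audit reports the port 80 rules that `ufw allow www` added, which is exactly the kind of drift between stated policy and applied rules this check is meant to catch.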

Next Steps

My next steps are to install other security software on the Ubuntu server. I took an early stab at installing Tripwire and OpenVAS, but I'll need more time to understand how to configure these correctly.

Author: Khürt Williams

A human who works in information security and enjoys photography, Formula 1 and craft ale. #nobridge