January 12, 2025
This is a relatively straightforward challenge. We’ve been tasked with correcting some erroneous configurations on a Windows and Linux machine. For the Windows host, we can use the control panel to locate and alter the settings. The Linux host will require editing a config file.
Disable Telnet/FTP Windows Features
According to our briefing, the Workstation-Desk host has Telnet and FTP enabled, so we’ll start by disabling those features.
To do so, we’ll open the Control Panel on the machine, switch the View to “Small icons” and locate the “Programs and Features” category.
With “Programs and Features” open, we’ll click “Turn Windows features on or off” on the side panel. This will open a menu to select the features we want to disable.
With the Windows Features menu open, we can scroll through and toggle off the Telnet and FTP features.
Click “OK” at the bottom of the screen and wait for the settings to be applied.
Remove Telnet/FTP Firewall Rules
Our briefing informed us that there are firewall rules for Telnet and FTP active, so we’ll need to disable those as well.
We’ll start by launching Windows Defender Firewall from the Control Panel.
From within the firewall menu, we’ll click the “Advanced settings” option on the side panel to launch the “Windows Defender Firewall with Advanced Security” (WFAS) snap-in.
Note: You can launch WFAS directly from the run prompt with “wf.msc”.
From within WFAS, we’ll need to select Inbound Rules and look for any rules related to Telnet and FTP.
Once located, we’ll right-click each entry and Delete the rule.
After confirming the request, the firewall rules will be removed, and we can move on to the next task.
Securing SSH on Prod-Web
With the Windows host dealt with, we can move on to configuring the Linux machine.
We could connect to the machine directly in this lab environment, but we’ll SSH into the machine to make it a little more realistic.
To do so, we’ll log into the Security-Desk host and SSH to Prod-Web. We can check the IP address of Prod-Web on the network diagram.
Once connected, we can begin making changes to the SSH configuration.
The SSH configuration file can be found at /etc/ssh/sshd_config.
Since the file is only read/writable by root, we’ll need to use sudo when accessing the file.
sudo vim /etc/ssh/sshd_config
Note: You can use nano instead of Vim if you are unfamiliar with navigating files with Vim.
With the file open, we can now begin applying the requested configuration changes.
First on our list is to “Enable PAM Authentication for SSH”.
The setting we need for this is UsePAM, so we can search for this string in our text file.
Note: To search in Vim, while in Command mode, press / followed by your query.
We can see that the UsePAM option is commented out, and set to “no”, so we’ll need to uncomment it and change it to “yes”.
Next on our list of configuration changes was to “Configure SSH Authentication for Root User to be Exclusively Key-Based”.
We can find the existing Root login options by searching “PermitRootLogin”.
To enforce key-based logins for Root, we can use the prohibit-password option.
The option we’ll add is PermitRootLogin prohibit-password.
Lastly, we’ve been tasked with “Disallow Empty SSH Login Passwords”.
We can search for the string “Empty” to see if we can spot any relevant options.
Sure enough, we can see an option labeled PermitEmptyPasswords yes. We’ll change that to “no” to disable this feature.
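A quick way to confirm the three edits above, as an added example that is not part of the original post: a small shell audit that follows sshd’s rule that the first uncommented occurrence of a keyword wins. The function names and the sample configs are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the global section of an sshd_config-style file.
# sshd ignores '#' lines, matches keywords case-insensitively, and uses the
# first uncommented occurrence of each keyword.
# Assumptions of this sketch: Include files are not followed, parsing stops at
# the first Match block, and an unset keyword is reported as a finding.

# effective_value FILE KEYWORD -> first uncommented value, lowercased
effective_value() {
    awk -v key="$2" '
        $1 ~ /^#/               { next }   # commented-out line
        tolower($1) == "match"  { exit }   # conditional section starts here
        tolower($1) == tolower(key) { print tolower($2); exit }
    ' "$1"
}

# audit_sshd FILE -> one PASS/FAIL line per setting; returns 0 only if all pass
audit_sshd() {
    file=$1
    rc=0
    for want in UsePAM=yes PermitRootLogin=prohibit-password PermitEmptyPasswords=no; do
        key=${want%%=*}
        expected=${want#*=}
        got=$(effective_value "$file" "$key")
        if [ "$got" = "$expected" ]; then
            echo "PASS $key $got"
        else
            echo "FAIL $key ${got:-unset} (want $expected)"
            rc=1
        fi
    done
    return "$rc"
}

# Constructed samples (not taken from the lab host).
sample_before() {   # UsePAM commented out, empty passwords allowed
    printf '%s\n' '#UsePAM no' 'PermitRootLogin yes' 'PermitEmptyPasswords yes'
}
sample_after() {    # corrected values; the stray later duplicate is ignored
    printf '%s\n' 'UsePAM yes' 'PermitRootLogin prohibit-password' \
        'PermitEmptyPasswords no' 'PermitEmptyPasswords yes'
}

tmp=$(mktemp)
sample_before > "$tmp"; audit_sshd "$tmp" || echo "findings in 'before' sample"
sample_after  > "$tmp"; audit_sshd "$tmp" && echo "'after' sample is clean"
rm -f "$tmp"
```

Point audit_sshd at /etc/ssh/sshd_config to check the real file. On the host, sudo sshd -t validates the syntax, and the edits only take effect after the SSH service is reloaded.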
And that is it, we’ve successfully applied all the requested configurations to both the Linux and Windows systems.