Security Server - Provision & Setup Ubuntu Server 22.04

Prerequisites

  1. VirtualBox or VMware Workstation Pro installed.
  2. Virtual Machine with Ubuntu 22.04 ISO has been downloaded and provisioned (the ISO should be attached to the new VM).
  3. Windows Server 2025 with AD Directory Services (ADDS) configured and turned on.

Network Topology

[Figure: network topology diagram]

Security Server Overview

A dedicated security server is used for ensuring the performance, security, and scalability of your monitoring and analysis stack.

Why should we provision a dedicated security server, rather than just use the [project-x-corp-svr]?

Here’s why:

Performance Isolation: Running resource-intensive tools on a dedicated server prevents performance degradation caused by competing workloads on shared resources. Each application demands significant CPU, RAM, and disk I/O to function efficiently.

Enhanced Security: Security tools process sensitive data, including logs and vulnerability scans. A dedicated server minimizes the attack surface by isolating these critical processes from unrelated systems.

Centralized Management: A dedicated server simplifies monitoring and management, providing a single point for handling logs, alerts, and vulnerability data, which improves efficiency and reduces administrative overhead. We will be using a few closed and open-source security tools to monitor, detect, and prevent our simulated “attacks”.

If you know, you know.

Instead of duplicating our steps, we are going to “Clone” the Ubuntu Desktop 22.04 workstation client.

We will make a few configuration changes to the Security Server. You are welcome to repeat the steps in the Ubuntu 22.04 Desktop guide if you want extra practice with provisioning VMs.

Setup Security Server

Navigate to the [project-x-linux-client] Virtual Machine. Make sure the Virtual Machine is powered off.

Right-click the Virtual Machine ➔ Select “Clone”

Name the new machine [project-x-sec-box]. Select “Next”.

👉 Refer to the “Project Overview” guide for more information on IP address and hostname information.

Ensure “Full Clone” is selected.

Select “Everything”. This will include our original snapshot, which we would like, just in case.

Wait until the new machine is cloned.

You should now see a fully cloned Virtual Machine, titled [project-x-sec-box].

Power on the machine.

Change Hostname + Account

Let’s adjust a few configuration settings to make this the Security Server.

Right now, the hostname is linux-client as we have a fully cloned copy of the Ubuntu Linux 22.04 Desktop workstation. Sorry JaneD, it's time to create something different.

Open a new terminal.

Adjust the /etc/hostname configuration:

     sudo nano /etc/hostname

Type in the password for janed (@password123!).

Replace linux-client on line 1 with sec-box.

Save and exit Nano with CTRL + X, then the Y key, then the Enter key.

Reboot the machine with:

   reboot

See the changes reflected when opening a new terminal.
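
The steps above edit only /etc/hostname. As an added example (not part of the original guide), this script checks that /etc/hosts agrees with the new name. It assumes the clone still carries Ubuntu's default 127.0.1.1 entry for linux-client; the function names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original guide): after renaming a cloned VM,
# confirm /etc/hostname and /etc/hosts agree on the new name.

# hosts_has_name FILE NAME: succeed if NAME is a hostname field in FILE.
hosts_has_name() {
    awk -v n="$2" '
        { sub(/#.*/, "") }                      # ignore comments
        { for (i = 2; i <= NF; i++) if ($i == n) found = 1 }
        END { exit !found }' "$1"
}

# stale_hostname_refs OLD NEW HOSTNAME_FILE HOSTS_FILE
# Prints one finding per line; returns 1 if anything was found.
stale_hostname_refs() {
    shr_rc=0
    shr_cur=$(tr -d '[:space:]' < "$3")
    if [ "$shr_cur" != "$2" ]; then
        echo "hostname file says '$shr_cur', expected '$2'"; shr_rc=1
    fi
    if hosts_has_name "$4" "$1"; then
        echo "hosts file still lists old name '$1'"; shr_rc=1
    fi
    if ! hosts_has_name "$4" "$2"; then
        echo "hosts file has no entry for '$2'"; shr_rc=1
    fi
    return "$shr_rc"
}

# Constructed sample: the clone right after only /etc/hostname was edited.
demo_constructed() {
    d=$(mktemp -d)
    printf 'sec-box\n' > "$d/hostname"
    printf '127.0.0.1 localhost\n127.0.1.1 linux-client  # from clone\n' > "$d/hosts"
    demo_rc=0
    stale_hostname_refs linux-client sec-box "$d/hostname" "$d/hosts" || demo_rc=$?
    rm -rf "$d"
    return "$demo_rc"
}

# Live use on the VM: sh check.sh linux-client sec-box
if [ $# -eq 2 ]; then
    stale_hostname_refs "$1" "$2" /etc/hostname /etc/hosts
fi
```

A mismatch between the two files typically shows up as sudo warning that it is unable to resolve the host.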

Let’s provision a new account with sudo privileges.

👉 Refer to the “Project Overview” guide for more information on default usernames and passwords.

Open a new terminal.

Type in adduser:

   sudo adduser sec-user

You will be prompted for janed’s password; use the default password (@password123!).

Enter the default password for sec-user.

Hit “Enter” for all the user information, then y.

Use the following command to grant sudo privileges.

   sudo usermod -aG sudo sec-user

Switch to the sec-user account, then run sudo whoami to confirm root privileges.

   su sec-user
   sudo whoami
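
Because the VM is a full clone, accounts from the source machine come along with their group memberships. As an added example (not part of the original guide), this script lists members of the local sudo group that are not on an allowlist. The function names and the sample group file are constructed, and janed's membership in the sudo group is an assumption based on the sudo commands run as janed above.

```shell
#!/bin/sh
# Added example (not from the original guide): list members of the local
# sudo group that are not on an allowlist of expected administrators.

# unexpected_sudoers GROUP_FILE ALLOWED...
# GROUP_FILE uses /etc/group format: name:passwd:gid:member1,member2
# Prints each unexpected member on its own line; returns 1 if any.
unexpected_sudoers() {
    us_file=$1; shift
    us_allowed=" $* "
    us_rc=0
    us_members=$(awk -F: '$1 == "sudo" { print $4 }' "$us_file" | tr ',' ' ')
    for us_m in $us_members; do
        case "$us_allowed" in
            *" $us_m "*) ;;                     # expected account
            *) echo "$us_m"; us_rc=1 ;;         # inherited or unknown account
        esac
    done
    return "$us_rc"
}

# Constructed sample: group file of the clone after `usermod -aG sudo sec-user`
# (janed's sudo membership is assumed, see lead-in).
demo_group_audit() {
    g=$(mktemp)
    printf 'root:x:0:\nadm:x:4:syslog,janed\nsudo:x:27:janed,sec-user\n' > "$g"
    dga_rc=0
    unexpected_sudoers "$g" sec-user || dga_rc=$?
    rm -f "$g"
    return "$dga_rc"
}

# Live use on the VM: sh audit.sh sec-user
if [ $# -ge 1 ]; then
    unexpected_sudoers /etc/group "$@"
fi
```

This covers only the sudo group; rules in /etc/sudoers and /etc/sudoers.d are not parsed.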

  • If you get the following error (from the previous guide), do the following.

Connect to Active Directory

Based on the configuration steps performed earlier on [project-x-linux-client], we should have the necessary dependencies to automatically join the corp.project-x-dc.com domain.

Verify you can ping 10.0.0.5 and corp.project-x-dc.com.

Join the domain with:

   sudo net ads join -U Administrator

Let’s create sec-user’s AD account in our Domain Controller.

Go to Server Manager, then on the top right “Tools” ➔ “Active Directory Users and Computers”

Navigate to the “Users” folder. Right-click, then go to “New” ➔ “User”.

Add the following information. Make sure secuser username is [email protected].

Set secuser password (@password123!).

👉 Refer to the “Project Overview” guide for more information on default usernames and passwords.

Clear the winbind cache by restarting the service, then see the changes reflected.

   sudo systemctl restart winbind
   wbinfo -u

Then log in with:

   sudo login

Success!

📸 Take Snapshot!
