First Practical Assignment
Delivery, on VirtualIPB. Deadline 15-05-2022
1 Objectives and Organization
The assignment has the following main objectives:
• Improve knowledge about systems vulnerabilities;
• Gain knowledge on how to mitigate them;
• Understand System Hardening methodologies;
• Learn what mechanisms are available to support hardening;
• Increase the confidence in Linux systems administration and deployment of services with
This work can be done in groups of up to four members. The group composition should be sent
by email to the professors.
This work requires students to deploy basic services in a virtual scenario in a secure way, using
best practices and solutions to minimize the risks.
Students should create a technical report (3.1).
The report should be submitted together with its attachments through the virtual platform by
15-05-2022. Discussion and demonstration of the project will take place on a date to be confirmed. The
work is marked for 20 points.
For this project students will need to have four VMs:
• The Ubuntu Workstation VM that will work as a sysadmin workstation
• A Debian Server VM to work as a Certificate Authority (CA)
• A Debian Server VM to work as a Web Server
• A Debian Server VM to work as an FTP Server
• A VM to provide a centralized log service
The students should start by analyzing good practices for a secure base configuration of
the servers, installing as little software as possible, and also considering a good partition scheme.
Students will be required to use a variety of combined approaches to get the most robust systems
On the Web Server, a dynamic site should be deployed. It can be a WordPress or a Joomla
The FTP Server should force FTPS for authenticated users using VSFTPD.
The VM for log centralization can be installed from scratch, or an appliance
such as Graylog can be used. The logs should be sent securely from the other servers. The logs to be
sent are the system and service logs of the Web Server VM and the FTP Server VM.
2021/2022 Duarte Pousa & Rui Alves & Tiago Pedrosa– email@example.com — firstname.lastname@example.org — email@example.com 1 of 2
The following phases are identified in the development of this work, for 17 points:
• Base installation of secure systems [1 point]
• Installation of SSH on the servers [0,5 point]
• Configuration of sudo [0,5 point]
• Firewall Configuration [1 point]
• Study the ability to use containers to deploy services in a partitioned manner in each system
and implement them [2,5 points]
• Create a Self-Signed Certificate Authority on the Debian Server CA. Generate the certificates
needed for the services that will be configured. Then securely copy them to the corresponding
server. Install the CA certificate on the Ubuntu Workstation so that it is trusted [1,5 points]
• Secure and robust service installation [4 points]
• Testing the functionality of the services on each machine [1,5 points]
• Improvements, such as HIDS, rootkit detection, automatic reporting, use of CIS
benchmarks, and further hardening approaches [4,5 points]
All the previous phases should follow good security practices.
The report should reflect the work done, for a maximum of 3 points.
Needs to contain an introduction that explains the project, main objectives, and document
Usually, a chapter follows describing the background, mainly the concepts, technology,
tools, and solutions used.
The main chapter, which explains the implementation and/or the configuration, follows. The main
tasks and choices made should be explained in detail. Different sections can be created for the
configuration of each component. All relevant configuration files need to be commented on and
included in the report appendix.
The following chapter describes the analysis and/or tests made to the created or configured
The report ends with a conclusion, referring to achieved objectives, main difficulties, and future
work that can be made to improve the solution.
The report should list all the bibliography used, correctly cited throughout the document.
Grades are individual, even for group work. They take into account the work, report, discussion,