Building a better cyber security tabletop exercise – Part 2

This is part 2 of this series and the post where I will begin to share the configuration and setup of the environment I have been using to deliver cyber security capacity building activities to small security teams. If you want to read about the motivation behind this system, and how it got to where it is – I encourage you to read part 1.

The base system

Recapping from part 1, the system I was using for this is a salvaged laptop, running Ubuntu Server 24.04 (at the time). The specifications for the setup so far are as follows:

Laptop
Toshiba Satellite R830
CPU: Intel Core i5-2520M CPU (2.5 GHz)
RAM: 8GB
HDD: 128 GB SSD

Network
TP-Link TL-MR3020 (Any access point will suffice – I just needed something small and portable)

These are by no means minimum specifications; the system runs exceptionally well on these specs, and I have had upwards of 40 simultaneous connections to the Wi-Fi network. I have also configured an essentially identical setup and will be running exercises on a Raspberry Pi Model 4B (1GB RAM) in the future.

The system as it stands today has been configured to only simulate 3 different cyber security incidents: Website defacement, denial of service (DoS/DDoS) and a data breach. However, it’s possible to build your own scenarios or add further enrichment or interactivity to existing tabletops using this platform.

The following details will apply to both environments equally. Obviously the laptop has the advantage of the higher specifications, built-in screen for troubleshooting, and x86 architecture for greater extension of the platform as a whole. The Pi has the advantage of the super portable form factor but obviously the ARM architecture may let it down with what you can run in the future.

With all that out of the way – let's get into the setup and configuration. If you’re following along, I’m going to assume you already have a system available with Ubuntu installed.

The setup starts with installing the necessary packages. For this system – we will use the following:

Bind
Nginx
Apache
Docker
Mysql

We will start with the base system first

sudo apt install bind9 nginx apache2 mysql-server

Next, we will begin the configuration and setup of docker.

sudo su - 
apt install apt-transport-https ca-certificates curl software-properties-common

curl -fsSL https://download.docker.com/linux/ubuntu/gpg | apt-key add -
add-apt-repository "deb [arch=amd64] https://download.docker.com/linux/ubuntu focal stable"

apt-cache policy docker-ce

apt install docker-ce

install -m 0755 -d /etc/apt/keyrings

curl -fsSL https://download.docker.com/linux/ubuntu/gpg -o /etc/apt/keyrings/docker.asc

chmod a+r /etc/apt/keyrings/docker.asc

echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu \
$(. /etc/os-release && echo "${UBUNTU_CODENAME:-$VERSION_CODENAME}") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null

apt update

apt install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin -y

If you want to test your docker install, you can run the below command:

docker run hello-world

For this system we will be using nginx as a reverse proxy for apache. To avoid a conflict in ports, we need nginx listening on port 80, and apache on something different.

vi /etc/apache2/ports.conf

In this file we need to change the ‘Listen 80’ to a different value. I have used port 8181 for this example, but pretty much any other unused port will also work.

Listen 8181

<IfModule ssl_module>
     Listen 443
</IfModule>

<IfModule mod_gnutls.c>
     Listen 443
</IfModule>

You will also need to update the default apache configuration:

vi /etc/apache2/sites-enabled/000-default.conf

The first line needs to be changed to the following (make sure to use the same port number you chose earlier):

<VirtualHost *:8181>

Finally, restart apache

sudo systemctl restart apache2
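
A mismatch between the two edits above (for example, a new Listen port but a VirtualHost line still on 80) is easy to miss, so here is a small check that compares them. This is an added example, not part of the original setup; the function names are illustrative and the port reserved for nginx is assumed to be 80 unless a third argument is given.

```shell
#!/bin/sh
# Added example: pre-restart consistency check for the nginx/Apache port split.
# Function names are illustrative; the file paths are the two edited in the post.

# Print each top-level Listen port in ports.conf. <IfModule> blocks are skipped
# because they only hold the conditional 443 listeners.
apache_listen_ports() {
    awk '
        $1 ~ /^#/                       { next }
        tolower($1) ~ /^<ifmodule/      { depth++; next }
        tolower($1) ~ /^<\/ifmodule/    { depth--; next }
        depth == 0 && tolower($1) == "listen" {
            n = split($2, part, ":")    # accepts "8181" and "127.0.0.1:8181"
            print part[n]
        }' "$1"
}

# Print the port of every address on each <VirtualHost ...> line.
apache_vhost_ports() {
    awk 'tolower($1) == "<virtualhost" {
            for (i = 2; i <= NF; i++) {
                addr = $i; sub(/>.*$/, "", addr)
                n = split(addr, part, ":")
                if (n > 1) print part[n]
            }
        }' "$1"
}

# Return 0 if the layout is consistent, 1 otherwise (reasons go to stderr).
# $1 = ports.conf, $2 = site file, $3 = port reserved for nginx (default 80).
check_port_split() {
    listen=$(apache_listen_ports "$1"); rc=0
    [ -n "$listen" ] || { echo "no top-level Listen in $1" >&2; rc=1; }
    for p in $listen; do
        [ "$p" != "${3:-80}" ] || { echo "Apache still claims port $p" >&2; rc=1; }
    done
    for v in $(apache_vhost_ports "$2"); do
        case " $(echo $listen) " in
            *" $v "*) ;;
            *) echo "VirtualHost port $v has no Listen in $1" >&2; rc=1 ;;
        esac
    done
    return $rc
}

# Run against real files only when two paths are given on the command line.
if [ "$#" -ge 2 ]; then check_port_split "$@"; fi
```

Saved under a name of your choosing (check_ports.sh here is hypothetical), it is run as `sh check_ports.sh /etc/apache2/ports.conf /etc/apache2/sites-enabled/000-default.conf`; a non-zero exit means one of the two files still needs editing.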

With most of the key components now installed, it’s a matter of completing configuration tasks. This will be covered in part 3 of this series.