W 201: Installing Drupal and Splunk (20 pts)

What You Need for This Project


Task 1: Install Drupal 7.20

Install Apache and MySQL

On the Ubuntu server, execute these commands:
sudo apt update
sudo apt install nano apache2 mysql-server mysql-client -y
sudo mysql_secure_installation
A series of questions appears. Make these choices:

On the Ubuntu server, execute these commands:
sudo systemctl start mysql.service
sudo mysql -u root -p
Enter the password you chose above.

Create the Drupal Database

At the mysql> prompt, execute these commands:
CREATE DATABASE drupal;
CREATE USER drupaluser@localhost IDENTIFIED BY 'password';

GRANT ALL ON drupal.* TO drupaluser@localhost;

FLUSH PRIVILEGES;
exit

Install PHP

On the Ubuntu server, execute these commands.
sudo apt-get install php7.2 php7.2-gd php7.2-xml php7.2-mysql -y
sudo apt-get install libapache2-mod-php imagemagick -y

Install Drupal

We are deliberately installing an old, vulnerable version of Drupal.

On the Ubuntu server, execute these commands.

cd /tmp 
wget ftp.drupal.org/files/projects/drupal-7.26.tar.gz
tar xzvf drupal*
sudo mv drupal-7.26/* /var/www/html

cp /var/www/html/sites/default/default.settings.php /var/www/html/sites/default/settings.php

sudo rm /var/www/html/index.html

sudo chmod -R 755 /var/www/html/*
sudo chown -R www-data:www-data /var/www/html/*

sudo a2enmod rewrite
sudo a2enmod env
sudo a2enmod dir
sudo a2enmod mime
On the Ubuntu server, execute this command:
sudo nano /etc/apache2/sites-enabled/000-default.conf
Remove all the contents and insert the code shown below.
<VirtualHost *:80>

     ServerAdmin admin@example.com
     DocumentRoot /var/www/html/
     ServerName example.com
     ServerAlias www.example.com
     ErrorLog ${APACHE_LOG_DIR}/error.log
     CustomLog ${APACHE_LOG_DIR}/access.log combined

      <Directory /var/www/html/>
           Options FollowSymlinks
           AllowOverride All
           Require all granted
      </Directory>
      <Directory /var/www/html/>
           RewriteEngine on
           RewriteBase /
           RewriteCond %{REQUEST_FILENAME} !-f
           RewriteCond %{REQUEST_FILENAME} !-d
           RewriteRule ^(.*)$ index.php?q=$1 [L,QSA]
      </Directory>

</VirtualHost>
Save the file with Ctrl+X, Y, Enter.

Execute this command to restart Apache2:

sudo systemctl restart apache2

Set Up Drupal

In the Google Cloud Platform console, find the external IP address of your Drupal server, as shown below.

In a Web browser, open this URL, adjusting the IP address as necessary.

Note: you must type the http://

http://34.73.73.12
The Drupal installation page opens, as shown below.

Accept the default selection of "Standard" and click the "Save and continue" button.

On the "Choose language" page, click the "Save and continue" button.

On the "Verify requirements" page, at the bottom center, click the "proceed with the installation" link, as shown below.

On the "Set up database" page, enter these values, as shown below.

Click the "Save and continue" button.

After a few seconds, you see the "Configure site" page shown below.

Enter these values, as shown below.

In the "UPDATE NOTIFICATIONS" section, clear the "Check for updates automatically" box, as shown below.

Click the "Save and continue" button.

A "Drupal installation complete" page appears, as shown below.

At the bottom right, click the "your new site" link.

Your Drupal site appears, as shown below.

Flag W 201.1: Database System (10 pts)

At the top right of this page, click Reports, "Status report". The text covered by the green box in the image below is the flag.

Capturing a Screen Image

Capture a WHOLE-DESKTOP image showing the flag.

Save the image as "Proj W 201.1 from YOUR NAME".

Closing Port 80

This vulnerable server will be infected soon by automated attacks, so we don't want to leave it open to the Internet.

In the Google Cloud Console, at the top left, click the three-bar "hamburger" icon. Scroll down to the NETWORKING section and click "VPC networks", "Firewall rules".

Check the default-allow-http rule, as shown below.

At the top right, click DELETE.

In the pop-up box, click DELETE.

Refresh your Drupal site. After a minute or two, it should time out now, as shown below.
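
An added example, not part of the original project instructions: a script to confirm the firewall change from a machine outside the server. It tells a dropped connection (timeout, which is what a deleted firewall rule produces) apart from a refused one. It assumes bash and the coreutils timeout command; the function names are illustrative, and the expectation that port 443 answers comes from the Splunk step later on this page.

```shell
#!/usr/bin/env bash
# Added example: classify how a TCP port answers when probed from outside.
# Pass your server's external IP as the first argument.

# Map the exit status of the timed connect attempt to a port state.
#   0     -> open      (TCP handshake completed)
#   124   -> filtered  (timeout(1) gave up: packets silently dropped by a firewall)
#   other -> closed    (connection refused: host reachable, nothing listening)
classify_exit() {
    case "$1" in
        0)   echo open ;;
        124) echo filtered ;;
        *)   echo closed ;;
    esac
}

# Try a TCP connect through bash's /dev/tcp, limited to $3 seconds (default 5).
probe_port() {
    local host=$1 port=$2 secs=${3:-5} rc=0
    timeout "$secs" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" \
        2>/dev/null || rc=$?
    classify_exit "$rc"
}

# Compare observed states with what this lab expects once default-allow-http
# is deleted: port 80 filtered, port 443 (Splunk Web, added later) open.
check_exposure() {
    local host=$1 fail=0 spec port want got
    for spec in 80:filtered 443:open; do
        port=${spec%%:*}
        want=${spec##*:}
        got=$(probe_port "$host" "$port")
        printf 'port %-4s expected=%-8s observed=%s\n' "$port" "$want" "$got"
        [ "$got" = "$want" ] || fail=1
    done
    return "$fail"
}

# Run only when a host is given, e.g.: ./check_exposure.sh 34.73.73.12
if [ -n "${1:-}" ]; then check_exposure "$1"; fi
```

A result of "closed" on port 80 instead of "filtered" means packets still reach the server and Apache is simply not answering, so the firewall rule is still in place.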


Task 2: Install Splunk

Getting the Download Link

In a Web browser, go to

https://www.splunk.com

At the top right, click the tiny head-and-shoulders icon, outlined in aqua in the image below.

If you have a Splunk account, log in. Otherwise create one now.

Troubleshooting

If you have difficulty creating a Splunk account, you can get the "wget" command you need here:

Get Splunk software and install on Ubuntu

At the top right, click the "Free Splunk" button.

At the lower left of the next page, in the "Splunk Enterprise" section, click "Download Free 60-Day Trial", as shown below.

On the next page, click the Linux tab, and, in the ".deb" line, click the "Download Now" button, as shown below.

On the next page, accept the agreement and click the "Start Your Download Now" button, as shown below.

When the download starts, cancel it. At the top right of the next page, click "Command Line (wget)".

Highlight the command in the pop-up box and copy it, as shown below.

Installing the Software

On your Ubuntu machine, in a terminal window, execute the command you just copied. The file downloads, as shown below.

On the Ubuntu server, execute these commands, one at a time.

You will be prompted to agree to a license agreement.

sudo dpkg -i splunk*.deb
cd /opt/splunk/bin
sudo ./splunk set web-port 443
A license agreement fills the screen. Press Q to close it.

Enter y to agree to the license. Enter a username and password for Splunk, such as admin and P@ssw0rd.

On the Ubuntu server, execute this command:

sudo ./splunk start
Splunk starts, as shown below.

Viewing the Splunk Page

Open this URL, replacing the IP address with the public IP address of your Drupal server.

Note: this page is on port 443, but it does not use https.

http://34.73.73.12:443
Log in with the administrator credentials you specified when installing Splunk, such as admin and P@ssw0rd, as shown below.

Splunk will pop up some introductory messages. Read them and close them to see the Splunk management page, as shown below.

Flag W 201.2: App server ports (10 pts)

In the Splunk management page, at the top, click Settings, "Server settings".

On the next page, click "General settings".

Find the "Splunk Web" section. The text covered by the green box in the image below is the flag.

Capturing a Screen Image

Capture a WHOLE-DESKTOP image showing the flag.

Save the image as "Proj W 201.2 from YOUR NAME".

Turning in Your Project

Send the images to cnit.129s@gmail.com with a subject of "Proj W 201 from YOUR NAME". Send a Cc: to yourself.


Posted 3-21-19
Install lshw added 5-20-19
Image fixed and software-properties-common added 5-20-19
Point total for 1.1 changed to 10 8-8-19
Update added for Ubuntu 8-8-19
Hint added for missing suricata fast alerts 8-8-19
Split into pieces for CNIT 129S 1-25-2020
Troubleshooting "wget" tip added 2-21-2020