Merge pull request #55 from cmckee786/patching
add: codeblocks, fileblocks for clarity
2 parents e6a4aa2 + 8c96d97 commit 2631963

1 file changed

+62
-20
lines changed

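--- a/src/u3lab.md
+++ b/src/u3lab.md
@@ -8,8 +8,11 @@
 ### Required Materials
 
 Putty or other connection tool Lab Server
-Root or sudo command access
+Root or sudo command access
+
 STIG Viewer 2.18 (download from https://public.cyber.mil/stigs/downloads/ )
+Download the STIG for RHEL 9 and the import it into your STIG viewer
+Create a checklist from the opened STIG for RHEL 9
 
 #### Downloads
 
@@ -152,26 +155,37 @@ firewall-cmd --list-all
 
 #### Generate a password (use `testpassword`)
 
-[root@hammer1 ~]# `slappasswd`
+[root@hammer1 ~]# `slappasswd`
+
+Output:
+
+<blockquote>
+
 New password:
 Re-enter new password:
 {SSHA}wpRvODvIC/EPYf2GqHUlQMDdsFIW5yig
 
+</blockquote>
+
 #### Change the password
 
-`vi changerootpass.ldif`
+[root@hammer1 ~]# `vi changerootpass.ldif`
 
-dn: olcDatabase={0}config,cn=config
-changetype: modify
-replace: olcRootPW
+```yaml
+dn: olcDatabase={0}config,cn=config
+changetype: modify
+replace: olcRootPW
 olcRootPW: {SSHA}vKobSZO1HDGxp2OElzli/xfAzY4jSDMZ
+```
 
 [root@hammer1 ~]# `ldapadd -Y EXTERNAL -H ldapi:/// -f changerootpass.ldif `
 
-SASL/EXTERNAL authentication started
-SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
-SASL SSF: 0
+```yaml
+SASL/EXTERNAL authentication started
+SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+SASL SSF: 0
 modifying entry "olcDatabase={0}config,cn=config"
+```
 
 #### Generate basic schemas
 
@@ -183,7 +197,7 @@ ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/openldap/schema/inetorgperson.ldif
 
 #### Set up the domain (USE THE PASSWORD YOU GENERATED EARLIER)
 
-`vi setdomain.ldif`
+[root@hammer1 ~]# `vi setdomain.ldif`
 
 ```yaml
 dn: olcDatabase={1}monitor,cn=config
@@ -220,6 +234,10 @@ olcAccess: {2}to * by dn="cn=Manager,dc=prolug,dc=lan" write by * read
 
 [root@hammer1 ~]# `ldapmodify -Y EXTERNAL -H ldapi:/// -f setdomain.ldif`
 
+Output:
+
+<blockquote>
+
 SASL/EXTERNAL authentication started
 SASL username: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
 SASL SSF: 0
@@ -229,16 +247,24 @@ modifying entry "olcDatabase={2}mdb,cn=config"
 modifying entry "olcDatabase={2}mdb,cn=config"
 modifying entry "olcDatabase={2}mdb,cn=config"
 
+</blockquote>
+
 #### Search and verify the domain is working.
 
 [root@hammer1 ~]# `ldapsearch -H ldap:// -x -s base -b "" -LLL "namingContexts"`
 
+Output:
+
+<blockquote>
+
 dn:
 namingContexts: dc=prolug,dc=lan
 
+</blockquote>
+
 #### Add the base group and organization.
 
-`vi addou.ldif`
+[root@hammer1 ~]# `vi addou.ldif`
 
 ```yaml
 dn: dc=prolug,dc=lan
@@ -274,7 +300,7 @@ ou: Group
 Generate a password
 `slappasswd` (use testuser1234)
 
-`vi adduser.ldif`
+[root@hammer1 ~]# `vi adduser.ldif`
 
 ```yaml
 dn: uid=testuser,ou=People,dc=prolug,dc=lan
@@ -291,9 +317,7 @@ homeDirectory: /home/testuser
 shadowLastChange: 0
 shadowMax: 0
 shadowWarning: 0
-```
 
-```yaml
 dn: cn=testuser,ou=Group,dc=prolug,dc=lan
 objectClass: posixGroup
 cn: testuser
@@ -314,12 +338,18 @@ openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/pki/tls/ldapser
 chown ldap:ldap /etc/pki/tls/{ldapserver.crt,ldapserver.key}
 ```
 
-[root@hammer1 tls]# `ls -l /etc/pki/tls/ldap*`
+[root@hammer1 ~]# `ls -l /etc/pki/tls/ldap*`
+
+Output:
+
+<blockquote>
 
 -rw-r--r--. 1 ldap ldap 1224 Apr 12 18:23 /etc/pki/tls/ldapserver.crt
 -rw-------. 1 ldap ldap 1704 Apr 12 18:22 /etc/pki/tls/ldapserver.key
 
-`vi tls.ldif`
+</blockquote>
+
+[root@hammer1 ~]# `vi tls.ldif`
 
 ```yaml
 dn: cn=config
@@ -338,7 +368,7 @@ olcTLSCertificateFile: /etc/pki/tls/ldapserver.crt
 
 #### Fix the /etc/openldap/ldap.conf to allow for certs
 
-`vi /etc/openldap/ldap.conf`
+[root@hammer1 ~]# `vi /etc/openldap/ldap.conf`
 
 ```bash
 #
@@ -389,14 +419,20 @@ systemctl status oddjobd.service
 
 #### Uncomment and fix the lines in /etc/openldap/ldap.conf
 
-`vi /etc/openldap/ldap.conf`
+[root@hammer1 ~]# `vi /etc/openldap/ldap.conf`
+
+Output:
+
+<blockquote>
 
 BASE dc=prolug,dc=lan
 URI ldap://ldap.ldap.lan/
 
+</blockquote>
+
 #### Edit the sssd.conf file
 
-`vi /etc/sssd/sssd.conf`
+[root@hammer1 ~]# `vi /etc/sssd/sssd.conf`
 
 ```yaml
 [domain/default]
@@ -429,4 +465,10 @@ systemctl status sssd
 
 `id testuser`
 
-uid=15000(testuser) gid=15000 groups=15000
+Output:
+
+<blockquote>
+
+uid=15000(testuser) gid=15000 groups=15000
+
+</blockquote>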
