You are required to submit two items:
Written Report in PDF Format
Wazuh report in CSV format
Linux VM: LAMP Server Secure Design
A college's Computer Studies department offers several courses that require students to use a hosted LAMP server (Linux, Apache, MySQL, PHP) for their assignments and projects. This hosted LAMP server is located at Computer Studies' own data center and may be deployed as a single VM administered and managed by the Computer Studies Academic Technicians.
End-user Requirements
End-users (students and instructors) will be working with PHP and web applications, each requiring their own hosted site
End-users will require FTP access to manage files for their site
End-users require access to their own MySQL database tables. This access is used to create and deploy PHP applications on end-user sites, or the tables may be accessed through client software (such as MySQLWorkbench)
Administrative Requirements
The LAMP server is administered by Computer Studies Academic Technicians
Administrators are required to manage end-user accounts. Each semester instructors provide the list of students that need access. Typical numbers are around 450 end-users.
Administrators are given the following information in the list:
First and Last name, Student ID, Email
The LAMP server needs to be compliant with CIS Benchmarks
Server is in an environment where logs and CIS compliance are monitored using the Wazuh Server
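The semester roster requirement above implies a repeatable add/remove cycle for roughly 450 accounts. The following is an added example, not part of the original brief, of one way to reconcile a roster against existing accounts. The `s<student id>` naming scheme, the nine-digit ID format, and the sample roster are assumptions made for illustration.

```python
import csv, io, re, secrets, string

# Constructed sample roster using the fields the brief lists (not real students).
ROSTER_CSV = """First,Last,Student ID,Email
Ana,Lopez,100234567,alopez@example.edu
Ben,O'Neil,100765432,boneil@example.edu
Eve,Typo,10O234567,etypo@example.edu
"""
PREFIX = "s"                                  # assumed scheme: s<student id>
ID_RE = re.compile(r"[0-9]{9}")               # assumed ID format: nine digits
EMAIL_RE = re.compile(r"[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
ALPHABET = string.ascii_letters + string.digits

def parse_roster(text):
    """Return ({username: row}, [rejected rows]). Only validated values
    are allowed to become account names."""
    accepted, rejected = {}, []
    for row in csv.DictReader(io.StringIO(text)):
        sid, email = row["Student ID"].strip(), row["Email"].strip()
        if ID_RE.fullmatch(sid) and EMAIL_RE.fullmatch(email):
            accepted[PREFIX + sid] = row
        else:
            rejected.append(row)              # flag for manual follow-up
    return accepted, rejected

def reconcile(roster_users, existing_users):
    """Diff the roster against accounts on the server. Only names matching
    the managed pattern are eligible for removal, so system accounts such
    as root or www-data are never touched."""
    managed = {u for u in existing_users
               if re.fullmatch(PREFIX + r"[0-9]{9}", u)}
    to_add = sorted(set(roster_users) - managed)
    to_remove = sorted(managed - set(roster_users))
    return to_add, to_remove

def initial_password(length=16):
    """Random initial password drawn from the OS CSPRNG."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))

def build_plan(text, existing_users):
    roster, rejected = parse_roster(text)
    to_add, to_remove = reconcile(roster, existing_users)
    creds = {u: initial_password() for u in to_add}
    return {"add": creds, "remove": to_remove, "rejected": rejected}

if __name__ == "__main__":
    plan = build_plan(ROSTER_CSV,
                      ["root", "www-data", "s100234567", "s100111222"])
    print("add:", sorted(plan["add"]))
    print("remove:", plan["remove"])
    print("rejected:", [r["Student ID"] for r in plan["rejected"]])
```

The plan is only a dry-run output; applying it to system, FTP, and MySQL accounts, and distributing the generated passwords, remain design decisions for the report.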
Environment and Network Architecture
You are required to deploy the LAMP server in an existing network architecture. The following interfaces and networks are available to your server:
Public IP address via One-to-one NAT (Public Interface to the Internet)
An internal network for logging, monitoring, and private out-of-band access to the server via VPN
The Wazuh server is located on this network. Logging, monitoring, and auditing are done through this network
Please Note: The scope of your responsibilities only includes the secure design of the LAMP server itself, as you do not have access or control over the existing architecture. However, you are welcome to provide recommendations and suggestions to accommodate or further harden the security of your proposed deployment.
Deliverables
Your Responsibilities for This Project
Design and Implement LAMP Proof of Concept (PoC) server fit for use and utility as per the requirements
Ubuntu Server (LTS version) + Apache, PHP, and MySQL, and an FTP(s) Server
Test your LAMP server in a VM with two network adapters, and use Wazuh to check compliance and to test and validate your design
Environment is similar to the configuration of our lab system, representing the internet connection and the internal network
Balance Security and Usability
Consider the end-users' point of view, and how they will access the server and use it. Assume users do not have any knowledge of Linux servers (most web developers do not and use hosted services).
Consider administration
Ensure that the server remains compliant and maintains consistent configuration for the lifetime of the server (many semesters for several years)
Your Submission
Provide a written document explaining your proposals and your secure design. Additionally, provide information or instructions on how end-users and administrators are expected to use and operate the system.
Your written report can include the following:
Specific security features and designs
Controls and mitigations for perceived and real risks
Residual Risks (You may include a Risk Assessment Report for your proposed design in your Appendix)
Server Administration, Management, and Maintenance, explaining how the system is designed to be used. For example:
Provide procedures, guidelines or policies for the system administrators
Include instructions on how to manage end-user accounts and access (how end-user accounts are added or removed, and how credentials are created)
How account credentials are distributed (for example how usernames and passwords are distributed to end users)
End-user access to service (how your server is designed to be used)
How students and teachers are expected to access services provided on this server (provide instructions that can be given to end-users)
Explanations for any failed CIS benchmark recommendations, and any residual risks
You may include any configuration snippets, screenshots, or sample scripts in your Appendix
Submission online
One written report and appendix in PDF Format
Wazuh Report of the CIS Compliance from your proof of concept VM, exported in CSV format
Important factors in this assignment:
Secure Design Features: Risk Assessment Results/Residual Risks: (
Either provide one, or provide enough information so I can do one myself
Highest risks are addressed or mitigated, Residual Risks are low
Ease of use:
Administration (/20)
Student/Users (/20)
Other issues/problems:
CIS Benchmarks:
Full CIS Benchmark report is provided in CSV (/10)
List of Exclusions and failed items explained (/10)
https://drive.google.com/file/d/1ZC2jS1MYRzfQdDaF_l5saVytikE8oyTK/view?usp=drive_link
This link has the OVA file for the pre-built Linux Ubuntu VM
Step 1: Download the OVA File
Get the download link:
Obtain the link to the OVA file from the person who shared it with you, such as via email, messaging app, or cloud storage service.
Download the OVA file:
Click on the link to start the download.
Save the file to a convenient location on your computer.
Step 2: Import the OVA File into VirtualBox
Open VirtualBox:
Launch VirtualBox on your computer.
Import the OVA file:
Go to File > Import Appliance in the VirtualBox menu.
Click Choose a virtual appliance file to import and browse to the location where you saved the OVA file.
Select the OVA file and click Next.
Review the Appliance Settings:
Review the settings for the VM. You can customize them if needed (e.g., change the VM name or allocate more resources).
Click Import to start the import process.
Wait for the import to complete:
The import process may take a few minutes depending on the size of the OVA file and the speed of your computer.
Step 3: Start and Use the Imported VM
Select the imported VM:
After the import is complete, the VM will appear in the list of available VMs in VirtualBox.
Start the VM:
Select the imported VM from the list.
Click the Start button to launch the VM.
Use the VM:
Once the VM starts, you can use it as you would any other virtual machine. It will have all the pre-configured settings and applications as set by the person who created the OVA file.
Snapshots: Take snapshots of the VM after initial setup to easily revert to a known good state if needed.