https://github.com/n3m3z1z/ldap-project

A simple and Basic LDAP-Server, and Server hardening, this is our exam project.
https://github.com/n3m3z1z/ldap-project

bash cyber-security incident-response json ldap-server linux pdf python threat-dragon vagrantfile virtualbox

Last synced: 23 days ago
JSON representation

A simple and Basic LDAP-Server, and Server hardening, this is our exam project.

• Host: GitHub
• URL: https://github.com/n3m3z1z/ldap-project
• Owner: n3M3Z1Z
• License: mit
• Created: 2024-10-04T14:31:15.000Z (7 months ago)
• Default Branch: main
• Last Pushed: 2024-10-18T11:28:52.000Z (6 months ago)
• Last Synced: 2025-04-03T13:20:06.657Z (23 days ago)
• Topics: bash, cyber-security, incident-response, json, ldap-server, linux, pdf, python, threat-dragon, vagrantfile, virtualbox
• Homepage:
• Size: 38.3 MB
• Stars: 0
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Contributing: CONTRIBUTING.md
  • License: LICENSE
  • Code of conduct: CODE_OF_CONDUCT.md
  • Security: SECURITY.md

Awesome Lists containing this project

README

        
![hamster_panzer](https://github.com/user-attachments/assets/0c4ee02d-8707-44fe-98b4-a3ef180e4be1)

This repository contains our final project for the Specialist in System Administration and Cyber Security program. The mentioned company and all individuals are purely fictional. We decided to make our project public on GitHub because this project would not have been possible without the open-source community. All products used align with the philosophy of free access and the use of resources at no cost.

Feel free to clone the repository and try it on your own, commit to it adjust it or just enjoy reading it.

                                                                                                                                 

# LDAP-Project

A simple and Basic LDAP-Server, and Server hardening

### LDAP Server Setup - hamster.panzer

Project Overview

This repository contains the necessary configuration and setup for an LDAP server hosted on an Ubuntu Biotic virtual machine. The LDAP server is configured for the domain hamster.panzer with an IP address of 192.168.56.100. The project includes pre-configured security services and tools for managing user authentication and system access.

Requirements

Before setting up the LDAP server, ensure you have the following software installed on your local machine:

Vagrant

VirtualBox

These tools are essential for provisioning and managing the virtual machine where the LDAP server and associated services will run.

Setup Instructions

Step 1: Clone the Repository

Start by cloning this repository to your local machine:

git clone https://github.com/n3m3z1z/LDAP-Project.git

cd ldap-server-hamster-panzer

Step 2: Start the Vagrant Environment

The Vagrantfile included in this repository is configured to set up the required virtual environment. To start the environment, run:

vagrant up

This command will download the base Ubuntu Biotic box if not already present and provision the virtual machine with the LDAP server and all required security services.

Step 3: Access the Virtual Machine

Once the Vagrant environment is up, you can start the server VM in Virtualbox.

Step 4: LDAP Server Details

Domain Name: hamster.panzer

IP Address: 192.168.56.100

LDAP Services: No pre-configuration you are free to follow our guide provided in the Documentation.pdf as well as the Guide.pdf

Step 5: Security Software

The following security tools are to be installed, to secure the LDAP-Server:

ClamAV (Antivirus)

Fail2Ban (Brute-force protection)

RKHunter (Rootkit detection)

UFW (Firewall)

AppArmor (Mandatory Access Control)

Snort (Intrusion detection)

Suricata (Network-based IDS/IPS)

Each of these tools has been configured for basic operation. For more detailed configurations and usage instructions, refer to the Documentation.

Hardening and Threat Modeling https://github.com/OWASP/threat-dragon

Hardening

SSH Configuration: Ensure strong password policies, disable root login, and use key-based authentication.

Firewall Rules: Restrict access to only necessary ports using UFW.

Regular Updates: Keep the system and all software packages updated to minimize vulnerabilities.

User Privileges: Follow the principle of least privilege when assigning user permissions.

Threat Modeling with Thraet-Dragon-ng

Identify Assets: User data, authentication mechanisms, and sensitive information stored in the LDAP directory.

Identify Threats: Unauthorized access, data leakage, and service disruptions.

Assess Risks: Evaluate the likelihood and impact of identified threats, and implement appropriate mitigations.

Incident Response Plan

Incident Reporting

Establish a procedure for staff to report security incidents via email.

Email address for incident reports: [email protected].

Incident Response Steps

Identification: Confirm the incident and gather relevant information.

Containment: Limit the impact of the incident.

Eradication: Remove the cause of the incident.

Recovery: Restore affected systems and services.

Lessons Learned: Conduct a post-incident review to improve future responses.

Incident Reports

Maintain detailed records of all incidents, including:

Date and time of the incident

Description of the incident

Steps taken in response

Resolution and follow-up actions

Documentation

All PDFs related to this project are currently in German. An English version will follow soon. Please refer to the documentation for in-depth details on the setup and management of the LDAP server.

For further information or questions, please contact the project maintainers.

![hamster_tank](https://github.com/user-attachments/assets/993c6bba-b231-4de1-8bfc-2d9b4781f618)