Convert Your Old Laptop Into a Security Monitoring & URL Filtering Server (Part 1)
Tool discussion and initial setup
Do you have an old laptop lying around that is no longer being used but still works? Don’t let its remaining computing power go to waste! In this write up, we’ll talk about how you can host virtual machines on your old laptop using the hypervisor of your choice to run Pi-hole, Grafana and Prometheus to implement URL filtering and block malicious URLs to secure your home network and build a pretty dashboard to monitor your outbound web traffic!
Let’s get started by first going over what each tool does and then dive straight into the configurations and setup required.
Pi-hole
Pi-hole was initially developed as an ad-blocker that protects your network from ads and trackers. As you might have already figured out from the name, the tool was initially targeted towards Raspberry Pi. Pi-hole basically replaces your DNS server, it inspects each query and checks it against a list of domains and answers with a valid IP address only if the domain is permitted. It forwards external requests to the configured public DNS server of your choice. The functionality of Pi-hole is not limited to ad blocking, thanks to our amazing InfoSec community, there are multiple URL lists available for different purposes that are regularly updated and can be used with Pi-hole to detect and block malicious URLs of various categories. In addition to the URL filtering capabilities, we can also use Pi-hole for custom local DNS entries for use within our home network!
Grafana
Grafana is an open-source visualization and analytics tool that gets data from various supported data sources and can be used to build dashboards with interactive charts, graphs etc.
Prometheus
Prometheus is an open-source tool developed by SoundCloud for system monitoring and alerting. It collects and stores metrics as time-series data. Metrics are stored with the timestamp along with key-value pairs called labels. For our use case, we will be using Prometheus as a data source, to feed metrics and live data from Pi-hole into Grafana in order to build monitoring dashboards.
Overview
Now that we have discussed about the tools and their purpose, we’ll look at a simple design of how things will be set up.
Home Network Setup
We will be running a hypervisor such as VirtualBox, VMware Fusion etc. on our old laptop and hosting virtual machines on it. The virtual machines will run our tools and will be accessible on our home network. The virtual machines can be assigned static IPs or DHCP reservation can be set for them on the router level.
On the home router, we’ll be using the IP of our VM that hosts Pi-hole as our default DNS server to be pushed out to the devices on our network using DHCP. DHCP settings vary for different router vendors, below is a sample config. The pool is the address range that will be assigned to the user devices and our primary DNS will be our Pi-hole VM’s IP address.
Tool Setup
We will be running two virtual machines inside a hypervisor, I’ll be using VirtualBox for this setup. One VM will run Pi-hole and listen for DNS queries and the other VM will run our monitoring tools Grafana and Prometheus. Pi-hole will send data to Prometheus using an exporter (we will be discussing more about it in detail while configuring) and then Prometheus will be added as a data source to Grafana, where we will be creating a dashboard with that data. Both Prometheus and Grafana will run on the same server on different ports and each of them has a web interface for configurations.
Setting up our Virtual Machines
We will first set up our virtual machines inside VirtualBox with base config, before installing the required tools.
For our first virtual machine, that will host Pi-hole, we will be using a VirtualBox VM Image for the latest version of Ubuntu that is supported by Pi-hole, which is Ubuntu 21.04 at the time of writing this article. We can use the same image for our second VM responsible for monitoring.
You can check out the OS requirements and prerequisites for Pi-hole here.
A great resource to find ready-to-use VM Images is linuxvmimages. It also has a guide on how to import the downloaded image in VirtualBox here. After downloading the VM image, loading the .vbox file with VirtualBox and powering on the VM, right off the bat we can see that Ubuntu is up and running and we can log in with the default credentials provided. (Make sure the VM is configured to run in Bridged mode so that it’s accessible on your home network.)
In the future, for convenient management of our VMs, we will be accessing them remotely through SSH and we won’t be accessing them in the GUI mode, instead, we’ll run them in headless mode on VirtualBox using its command-line utility vboxmanage (Make sure vboxmanage is added to the PATH). At this point, we can duplicate the same VM and rename our two VMs on VirtualBox for use later. Additionally, you can also enable SSH login on your old laptop if you want to manage your VMs remotely from another device, without needing to physically work on the old laptop.
Run in headless mode (“Pi-hole” is the name of the VM on VirtualBox)
vboxmanage startvm Pi-hole --type headless 2> /dev/null (start VM)vboxmanage controlvm Pi-hole savestate (save state and shutdown VM)vboxmanage list runningvms (To check currently active VMs)
Get the IP address assigned to the VM
vboxmanage guestproperty enumerate Pi-hole | grep IP | cut -d “ “ -f 4 | sed s/,//gAt this point, our VMs are up and running and we can SSH to them with the IP we got, using ssh ubuntu@<IP> and the default credentials from linuxvmimages.
Base Config
Now that we can remotely login to our new VMs using SSH, we can change the default credentials, hostname and the banner for our servers and also assign a static IP address.
Change Hostname - sudo nano /etc/hostname (Edit file and add the desired name)Change Banner - sudo nano /etc/motd (Edit file and add the desired SSH banner)Change Password - sudo passwd sudo reboot (For changes to take place)
Setting a static IP address
Check the name of the interface that has an IP in your network (enp0s3 is the interface name, in this case)— ip addr
Navigate to /etc/netplan and edit the 01-network-manager-all.yaml file.
Enter addresses, gateway, DNS accordingly (Preferably, choose an IP outside your DHCP pool)Add the below to the yaml file -# Let NetworkManager manage all devices on this system
network:
version: 2
renderer: NetworkManager
ethernets:
enp0s3:
dhcp4: no
addresses: [192.168.0.2/24]
gateway4: 192.168.0.1
nameservers:
addresses: [8.8.8.8, 8.8.4.4]After saving the .yaml file run -
sudo netplan apply
After the changes are applied, log in using the newly assigned IP addresses.
We are ready with our initial setup and now we can proceed to install our tools in Part 2!
