Creating a vulnerable machine

With the caveat that I’ve never done this.

I would suggest starting off with a plan on what you want the “attack” to be. Build a machine. Secure it as much as possible (SELinux, etc.) and then open up the areas you want to be vulnerable to meet your scenario.

If you want it to be more of a pentest practice, then you could build a machine and configure it to a specific standard (NIST, CSC, etc.). Then when people attack it, there may or may not be a path in.