Bro 2.5 beta

Lots of new features: https://www.bro.org/documentation/beta/NEWS.bro.html

Installed a test instance on FreeBSD 10.3.

pkg install wget swig
mkdir /opt
wget https://www.bro.org/downloads/beta/bro-2.5-beta.tar.gz
tar zxvf bro-2.5-beta.tar.gz
./configure --prefix=/opt/bro && make && make install

Get some coffee.

I edited /opt/bro/share/bro/site/local.bro and uncommented VLAN logging, MAC logging, and the SMB analyzer for testing. I also edited /opt/bro/etc/node.cfg Read more…

fail2ban

It is so easy to stop SSH brute force attacks.  I implemented fail2ban on my test box in literally 5 minutes.  I configured it so that 6 bad password attempts to SSH will block a user for 600 seconds.  That will really throw off most attackers and automated scanners. 1. Read more…

mod_security

Apache mod_security can be configured to block OWASP top 10 attacks. Scan me and see.

Single server (Debian 8):

Install packages:

apt-get install libapache2-mod-security2
service apache2 restart
cd /etc/modsecurity/
mv modsecurity.conf-recommended modsecurity.conf

Edit modsecurity.conf and enable it:

SecRuleEngine On
SecRequestBodyAccess Off

Grab OWASP Top 10 rules:

git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /opt/OWASP Read more…