Bro 2.5 beta

Lots of new features¬†https://www.bro.org/documentation/beta/NEWS.bro.html Installed a test instance on FreeBSD 10.3. pkg install wget swig mkdir /opt wget https://www.bro.org/downloads/beta/bro-2.5-beta.tar.gz tar zxvf bro-2.5-beta.tar.gz ./configure –prefix=/opt/bro && make && make install Get some coffee. I edited /opt/bro/share/bro/site/local.bro and uncommented VLAN logging, Mac logging, and SMB analyzer for testing. I also edited /opt/bro/etc/node.cfg Read more…

fail2ban

It is so easy to stop SSH brute force attacks.  I implemented fail2ban on my test box in literally 5 minutes.  I configured it so that 6 bad password attempts to SSH will block a user for 600 seconds.  That will really throw off most attackers and automated scanners. 1. Read more…

mod_security

Apache mod_security can be configured to block OWASP top 10 attacks. ¬†Scan me and see. Single server (Debian 8): Install Packages. apt-get install libapache2-mod-security2 service apache2 restart cd /etc/modsecurity/ mv modsecurity.conf-recommended modsecurity.conf Edit modsecurity.conf and enable it “SecRuleEngine On” “SecRequestBodyAccess Off” Grab OWASP Top 10 Rules: git clone https://github.com/SpiderLabs/owasp-modsecurity-crs.git /opt/OWASP Read more…