The purpose of this post is to create a system from where network installations can occur. A remote system will boot to the network, receive IP information from a DHCP server and boot Linux from a TFTP server. The TFTP server will provide the required packages for a Linux install. Read more
All of the gui driven iso to usb programs were not working correctly for me on CentOS. This document outlines steps to make a CentOS 6 install usb stick. What you need: An 8GB or higher usb stick ( I like corsair voyagers )CentOS 6.6 DVD 1, 2 and Net Read more
I have 2 ASA 5510s and an IPS 4240 on the way. I can do most of the stuff in the classes and workbooks with the gear I already have. I’ll use rack rental for the Wifi, ISE and other stuff that requires more recent hardware or hard to get Read more
All done on Ubuntu 12 server. Pretty much followed this guide: https://code.google.com/p/collective-intelligence-framework/wiki/ServerInstall_Ubuntu12_v1 Ran into a few issues… Had to force some perl modules. cpanm Net::Abuse::Utils –force And version 1.7 of Linux::Cpuinfo wouldn’t install. Just removed the @1.7. cpanm git://github.com/gitpan/Linux-Cpuinfo.git –force Then you have to grab this Cpuinfo.pm and place it Read more
CentOS6 again. Download the latest version of kibana from http://www.elasticsearch.org/overview/kibana/installation/cd /var/www/ wget http://www.elasticsearch.org/overview/kibana/installation/ tar zxvf kibana* rm kibana*.gz mv kibana* kibana3 Create a kibana configuration file for Apache. <VirtualHost YOURIP:80> ServerName FQDN DocumentRoot /var/www/kibana3 <Directory /var/www/kibana3> Allow from all Options -Multiviews </Directory> LogLevel debug ErrorLog /var/log/httpd/error_log CustomLog /var/log/httpd/access_log Read more
I needed to determine the average traffic seen at the internet gateway in order to scope full packet capture, Bro and flow data.Then i needed to find traffic to eliminate and gain storage retention. Mon-Fri are peak, and Sat-Sun are idle times. Export flows for a 24 hour period to Read more
All done on CentOS6 There are scripts to automate this, but I like installing everything from source to learn more about the packages. Here’s an example script along with a gui for SiLK rw commands.FlowBat Download the following source code files from the netsa CERT project home page Fixbuf, netsa-python, Read more
Logstash InstallationThe Logstash package shares the same GPG Key as Elasticsearch, and we already installed that public key, so let’s create and edit a new Yum repository file for Logstash:sudo vi /etc/yum.repos.d/logstash.repo Add the following repository configuration:[logstash-1.4]name=logstash repository for 1.4.x packagesbaseurl=http://packages.elasticsearch.org/logstash/1.4/centosgpgcheck=1gpgkey=http://packages.elasticsearch.org/GPG-KEY-elasticsearchenabled=1 Save and exit.Install Logstash 1.4.2 with this command:sudo yum Read more
These installs are on the latest CentOS6 as of October 2014. First we have to install PF_RING to take advantage of the performance boost and to load balance bro processes. Bro is not multithreaded. Package Prerequisites: sudo yum install subversion cmake make gcc gcc-c++ flex bison libpcap-devel openssl-devel python-devel swig Read more
Let’s say you’re using Bro, and you have this bad assed app called ELSA to search through the mountains of logs produced. You find exactly what you’re looking for but you need the payload from the stream. One option is to integrate ELSA and Moloch. It’s super easy. edit /etc/elsa_web.conf Read more
WordPress MU uses a PHP mailer function to send email. Therefore you have to change the setting in /wp-includes/pluggable.php. Unlike regular wordpress, where you can change the setting in wp-functions.php or wp-mail.php. Edit pluggable.php // From email and name// If we don’t have a name from the input headersif ( Read more
Engineering Principles for IT SecurityPrinciples and Practices for Securing ITComputer Security Act of 1987Government Information Security Reform ActFIPSPrivacy Act of 1974Recommended Security Controls
Risk Management Guide For IT SystemsSEPM Certificate ProgramsRisk Management and Business Continuity PlanningPerformance Measurement Guide for Information SecurityThreat and Risk Assessment Working Guide
NCSA Security PoliciesSANS Policy TemplatesInformation Security Policies and Standards
I have started my training for my CISSP, so many many cool links will be posted on this site. Well, cool if you’re a huge nerd. Here’s the first few. Pentesting Framework:http://www.vulnerabilityassessment.co.uk/index.htm CISSP Training Resources:http://cccure.org/ISO 17799http://www.17799.com/http://www.isaca.org/http://www.itil-officialsite.com/home/home.asp
Here’s my fig for Ubuntu 8.10 Server. $ cat /etc/apache2/sites-available/splunk<virtualhost X.X.X.X:80> ServerAdmin root@localhost ServerAlias splunk.example.com ProxyPass / http://127.0.0.1:8000/ ProxyPassReverse / http://127.0.0.1:8000/ ErrorLog /var/log/splunk.example.com-error_log CustomLog /var/log/splunk.example.com-access_log common</virtualhost><proxy http://127.0.0.1:8000/*> Order deny,allow Deny from all Allow from all AuthName “splunk.example.com” AuthType Basic AuthUserFile /var/www/.htpasswd Require valid-user</proxy>$ cat /var/www/.htaccessAuthUserFile /var/www/.htpasswdAuthName “Authorized Users Only”AuthType Basicrequire Read more
Get the cpufrequtils package from http://www.linuxpackages.netCreate a script like so: #!/bin/bashmodprobe p4-clockmodmodprobe freq_tablemodprobe cpufreq_ondemandmodprobe cpufreq_conservativemodprobe cpufreq_powersavemodprobe cpufrew_performancecpufreq-set -g performance You can use any of the governor options listed above as the g option for cpufreq-set. cat /proc/cpuinfo.
I’ve had this problem for a while, and lately it really got on my nerves. I run compiz on my work and home machines with dual monitors and twinview. When I maximize a window, it really maximizes and across both screens. Very very annoying. No matter what version of compiz Read more
I’ve been working with Websense for many years. It’s very pricey and since not everyone can afford it, I have had to find a workaround. The answer for me is simply safesquid. Here’s how I did it with very little user intervention, and no touching of client pcs/macs. Step 1. Read more
For a while now, I’ve been trying to find a way to run a sniffer at some location and monitor it remotely via a web page or some curses based GUI. I’ve been working with Snort for years. The web interfaces like Base are ok, but I’ve always wanted a Read more