Security Onion is a Linux distro for intrusion detection, network security monitoring, and log management. It’s based on Ubuntu and contains Snort, Suricata, Bro, OSSEC, Sguil, Squert, Snorby, ELSA, Xplico, NetworkMiner, and many other security tools. The easy-to-use Setup wizard allows you to build an army of distributed sensors for your enterprise in minutes!
Generate a single alert when something goes wrong; don’t spam. Be able to alert on both the volume of a particular message and the lack thereof. If alerting on lack thereof, alert even if there were 0 messages during the period. I started with the throttle filter but felt the use case I wanted to use was […]
You need to use the find command to list all hidden files recursively on Linux or Unix-like systems. Syntax: recursively list all hidden files and directories on Linux/Unix.
I was recently asked if it was possible to forward vCenter Server logs to a regular syslog server and, if so, how difficult it would be to set up. I had researched this topic several years back, but did not find an ideal solution as vCenter Server was only available on the Windows platform and vCenter […]
Most web applications today are built on top of a database, and the most popular combination is PHP with MySQL. Beginners developing against MySQL usually rely on phpMyAdmin as their tool for CRUD (Create-Read-Update-Delete) operations as well as database and table creation and manipulation. phpMyAdmin supports an encryption feature which enables database developers to raise their […]
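The following is an added example, not the command from the original post. It builds a small constructed directory tree in a temporary directory and runs three variants of the find invocation against it: every hidden entry, hidden regular files only, and hidden entries while pruning .git directories so their contents are not walked. The directory and file names are made up for the demo.

```shell
#!/bin/sh
# Added example: list hidden files and directories recursively with find.
# Runs against a constructed tree so it can be executed anywhere.

# Build a constructed tree under a fresh temp dir and print its path.
make_tree() {
  root=$(mktemp -d)
  mkdir -p "$root/.hidden_dir/sub" "$root/visible/.git"
  : > "$root/.profile"                  # hidden file at the top level
  : > "$root/visible/.htaccess"         # hidden file inside a visible dir
  : > "$root/.hidden_dir/sub/notes.txt" # visible file inside a hidden dir
  : > "$root/visible/.git/config"       # visible file inside a hidden dir
  printf '%s\n' "$root"
}

# Every hidden file or directory below $1. "! -name ." drops the start point,
# which "find ." would otherwise match because its name is a dot.
list_hidden() {
  ( cd "$1" && find . -name '.*' ! -name . )
}

# Only hidden regular files (hidden directories are not listed themselves,
# but files inside them that start with a dot still are).
list_hidden_files() {
  ( cd "$1" && find . -name '.*' -type f )
}

# Same as list_hidden, but do not descend into .git directories: -prune stops
# the walk there, and the -o branch prints everything else that is hidden.
list_hidden_skip_git() {
  ( cd "$1" && find . -name .git -prune -o -name '.*' ! -name . -print )
}

# Demo run: build the tree, show all three listings, clean up.
demo() {
  d=$(make_tree)
  echo "all hidden:";       list_hidden "$d"
  echo "hidden files:";     list_hidden_files "$d"
  echo "skipping .git:";    list_hidden_skip_git "$d"
  rm -rf "$d"
}
```

When auditing a box for planted files, the first form is the one to start from: dot-files dropped into world-writable directories are a common place to stash tooling, and the pruned form is handy when a checkout's .git directory would otherwise drown the output.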
If you have shell or telnet access to your web server, you can backup your MySQL data by using the mysqldump command. This command connects to the MySQL server and creates an SQL dump file. The dump file contains the SQL statements necessary to re-create the database. Here is the proper syntax:
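The script below is an added example and not the command line from the original post. It shows the shape of a mysqldump backup a practitioner would actually run: credentials come from a private option file rather than the command line (a password passed as -p is visible to every local user in ps and in shell history), the dump is taken with --single-transaction for a consistent snapshot, and the result is checked for the "Dump completed" trailer that mysqldump writes last, so a truncated dump (full disk, dropped connection) is caught. The user, database and file names are placeholders.

```shell
#!/bin/sh
# Added example: a mysqldump backup with the password kept off the command line,
# plus a completeness check on the resulting dump file.

# Write a [client] option file readable only by its owner. The subshell keeps
# the umask change from leaking into the rest of the script.
write_option_file() {  # $1 = path, $2 = user, $3 = password
  ( umask 077 && printf '[client]\nuser=%s\npassword=%s\n' "$2" "$3" > "$1" )
}

# Dump one database to a gzip-compressed file.
# --defaults-extra-file must be the first option; mysqldump reads it before
# the rest of the command line.
# --single-transaction: consistent snapshot of InnoDB tables without locking.
# --routines/--triggers: stored procedures and triggers are not dumped by
# default, so a restore from a plain dump would silently lose them.
backup_db() {  # $1 = option file, $2 = database, $3 = output .sql.gz
  mysqldump --defaults-extra-file="$1" --single-transaction \
    --routines --triggers "$2" | gzip > "$3"
}

# mysqldump ends a successful dump with a line "-- Dump completed on <date>".
# Returns 0 if that trailer is present, 1 otherwise.
dump_looks_complete() {  # $1 = .sql.gz file
  gzip -dc "$1" | tail -n 1 | grep -q '^-- Dump completed'
}

# Demo of the full flow against placeholder names (needs a real MySQL server).
run_backup() {
  cnf=/root/.backup.cnf                 # placeholder path
  write_option_file "$cnf" backup 'change-me'   # placeholder credentials
  backup_db "$cnf" shopdb /var/backups/shopdb.sql.gz
  dump_looks_complete /var/backups/shopdb.sql.gz || echo "dump truncated" >&2
}
```

The backup account should be a dedicated MySQL user with SELECT, LOCK TABLES, SHOW VIEW, TRIGGER and EVENT privileges only; reusing the application's read/write credentials means a readable backup config is also a write path into the database.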
How do I create a custom static HTTP 404 or HTTP 403 error page under the nginx web server? First create 404.html in your document root. The default location is /usr/local/nginx/html/. So create an HTML file as follows:
Below is the architecture we’ll end up with after installing and wiring up everything in this post. You can merge any sort of log aggregation architecture discussed in the previous post with it. Ian has also written up many other articles, which can be found here.
I have installed OpenVAS 6 on Debian 7 and the following message appears in the Greenbone Security Assistant: Warning: SecInfo Database Missing SCAP and/or CERT database missing on OMP server. Those databases are populated by the sync scripts that ship with OpenVAS (openvas-scapdata-sync and openvas-certdata-sync in OpenVAS 6); they have to be run after installation and then rerun periodically to keep the feeds current.
In this document we describe an installation of the Puppet configuration manager on Ubuntu Linux 14.04 Trusty Tahr. The installation is followed by a simple Puppet manifest example to make sure that the installation was successful and that Puppet is ready to use as a standalone deployment.
Introduction: as a lot of articles and programs require Java to be installed, this article will guide you through the process of installing and managing different versions of Java. Installing the default JRE/JDK is the recommended and easiest option. This will install OpenJDK 6 on Ubuntu 12.04 and earlier, and on 12.10+ it will install […]
UFW – Uncomplicated Firewall. The default firewall configuration tool for Ubuntu is ufw. Developed to ease iptables firewall configuration, ufw provides a user-friendly way to create an IPv4 or IPv6 host-based firewall. By default UFW is disabled.
grc will execute command with the optional parameters [args], piping its stdout or stderr into grcat with the appropriate configuration file. The configuration file for grc is determined by the /etc/grc.conf file. Format of /etc/grc.conf: each entry consists of 2 lines; between entries there can be any number of empty lines or lines beginning with # (comments).
To set up a default color scheme on Mac OS X we can edit the file /Applications/MacVim.app/Contents/Resources/vim/vimrc (for example with nano) and add the following line to it: colorscheme ron
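An added example, not the configuration from the original post: a script that creates the two error pages and emits the server-block fragment that wires them up. The paths are placeholders. Two details matter for a hardened setup and are easy to miss: marking the error-page locations internal, so that a direct GET /404.html does not return the page as a normal 200 response, and giving the 403 page location an explicit allow all, because a deny rule elsewhere in the server block is inherited by the error page location, in which case nginx cannot serve the custom page and falls back to its built-in one.

```shell
#!/bin/sh
# Added example: custom 404/403 pages for nginx. Document root is a placeholder.

# Create minimal static error pages in the document root ($1).
write_error_pages() {
  mkdir -p "$1"
  printf '<!doctype html><title>404 Not Found</title><h1>Not Found</h1>\n' > "$1/404.html"
  printf '<!doctype html><title>403 Forbidden</title><h1>Forbidden</h1>\n' > "$1/403.html"
}

# Print the directives to place inside the server { } block. $1 = document root.
# "internal" restricts the locations to internal redirects (error_page), and
# "allow all" on the 403 location overrides any inherited deny rule so the page
# itself can still be served to the denied client.
error_page_config() {
  cat <<EOF
    root $1;
    error_page 404 /404.html;
    error_page 403 /403.html;
    location = /404.html { internal; }
    location = /403.html { internal; allow all; }
EOF
}

# Demo against a placeholder document root; prints the fragment to stdout.
demo() {
  write_error_pages /usr/local/nginx/html
  error_page_config /usr/local/nginx/html
}
```

After adding the fragment, run nginx -t and reload; then request a non-existent path and a path you have denied, and confirm both the status code and the body (curl -i) match what you expect, since a 200 body with 404 text is a common misconfiguration that fools monitoring and search engines alike.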
There are two ways to create an SSH tunnel, local and remote port forwarding (there’s also dynamic forwarding, but we won’t cover that here). The best way to understand these is by example, so let’s start with local port forwarding. Imagine you’re on a private network which doesn’t allow connections to a specific server. Let’s […]
Go to /etc/sysconfig/ and open the network file with vi. Press i on the keyboard and change HOSTNAME to your preferred server name, press ESC, save the configuration with :wq!, then reboot.
After you have made your changes in /etc/exports, you just have to run exportfs -a to update the NFS kernel server exports. Note that exportfs -a only adds the entries currently listed; to make the kernel forget exports you have removed from the file as well, use exportfs -ra, which re-exports everything and synchronizes the active table with /etc/exports.
Here is a quick example to view log files on a live system: tail -f /var/log/<log file name>, for example tail -f /var/log/mail.log to review Postfix errors.
We need to install portmap and nfs-common on our Debian system: sudo apt-get install portmap nfs-common (on current Debian releases portmap has been replaced by rpcbind, which nfs-common pulls in as a dependency). Example of mounting an NFS export from a server: sudo mount ipaddress:/remotedirectory /localdirectory
Developed and tested to support demanding workloads, such as Oracle Database. Allows features such as Btrfs, DTrace, OCFS2, and Linux Containers to be used across multiple major releases (Oracle Linux 6.4 and later). Able to parallelize network and disk IO, and runs efficiently on systems with many cores and threads and NUMA nodes. Optimized for solid state drives. Supports data […]
This guide will help you easily set up an email server on Ubuntu using Qmail as the MTA, OpenLDAP as a back-end for users, and Courier IMAP as the IMAP server. Qmail is a secure, reliable, efficient, simple message transfer agent. It is designed for typical Internet-connected UNIX hosts. As of October 2001, qmail is the second […]
Looking to monitor my SSH server and trigger an email alert for any SSH connection to my Ubuntu server, I’ve pulled together a very basic script that will send an email when someone logs into an SSH server. Read on… My SSH server is based around OpenSSH. OpenSSH executes the file /etc/ssh/sshrc if it exists […]
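An added example, not the author's script: an /etc/ssh/sshrc that mails a one-line notice for each new SSH session. sshd runs the rc file after authentication with SSH_CONNECTION set to "client_ip client_port server_ip server_port", which is where the details come from; the recipient address and host names are placeholders, and the message builder is a function so it can be exercised without a live login. Two caveats a practitioner should know: sshd runs ~/.ssh/rc instead of /etc/ssh/sshrc when the user has one, so anyone with shell access can suppress this alert for their own logins (pam_exec in /etc/pam.d/sshd, or monitoring auth.log, is the tamper-resistant route), and the rc file runs for every session, including scp, sftp and multiplexed channels, so expect one mail per session rather than per interactive login.

```shell
#!/bin/sh
# Added example: /etc/ssh/sshrc that mails a notice for each SSH session.
# Recipient and host names are placeholders.

ALERT_TO=root@example.com   # placeholder recipient

# First field of SSH_CONNECTION is the client address.
ssh_client_ip() {  # $1 = SSH_CONNECTION value
  printf '%s\n' "${1%% *}"
}

# Build the alert body from the values sshd exports.
# $1 = SSH_CONNECTION, $2 = user name, $3 = this host's name
alert_message() {
  user=$2; host=$3
  set -- $1   # split into: client_ip client_port server_ip server_port
  printf 'SSH login: user %s from %s:%s to %s (%s) at %s\n' \
    "$user" "$1" "$2" "$host" "$3" "$(date -u +%Y-%m-%dT%H:%M:%SZ)"
}

# Send the alert. sshrc must not write to stdout (it would corrupt scp/sftp
# sessions), so everything goes to mail, and errors go to stderr.
send_alert() {  # $1 = SSH_CONNECTION, $2 = user, $3 = host
  alert_message "$1" "$2" "$3" | mail -s "SSH login on $3" "$ALERT_TO" 2>&1 >&2
}

# Entry point as sshd invokes it. Guarded so the file can also be sourced
# for testing without trying to send mail.
if [ -n "${SSH_CONNECTION:-}" ] && command -v mail >/dev/null 2>&1; then
  send_alert "$SSH_CONNECTION" "${USER:-$(id -un)}" "$(hostname)"
fi
```

Install it as /etc/ssh/sshrc, owned by root and mode 0644; sshd executes it with the user's privileges, so it must not do anything that would be dangerous for an unprivileged user to influence, and it must not write to stdout.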
This tutorial shows how to set up a USB-over-IP server with Ubuntu 10.04 as well as a USB-over-IP client (also running Ubuntu 10.04). The USB/IP Project aims to develop a general USB device sharing system over IP network. To share USB devices between computers with their full functionality, USB/IP encapsulates “USB I/O messages” into TCP/IP […]
tmux and GNU Screen are well-known utilities which allow multiplexing of virtual consoles. Using either, it is possible to start a session, detach, move to a different machine and resume the session in uninterrupted progress. It’s also possible to use these tools to share a single session between more than one user at the same […]
Cassandra is a distributed database with a BigTable data model running on a Dynamo like infrastructure. It is column-oriented and allows for the storage of relatively structured data. It has a fully decentralized model; every node is identical and there is no single point of failure. It’s also extremely fault tolerant; data is replicated to […]
This tutorial describes how to set up database replication in MySQL using an SSL connection for encryption (to make it impossible for hackers to sniff out passwords and data transferred between the master and slave). MySQL replication allows you to have an exact copy of a database from a master server on another server (slave), […]
Dstat is a versatile replacement for vmstat, iostat, netstat and ifstat. Dstat overcomes some of their limitations and adds some extra features, more counters and flexibility. Dstat is handy for monitoring systems during performance tuning tests, benchmarks or troubleshooting. Dstat allows you to view all of your system resources in real time; you can, e.g., compare […]
If you have a server which is not working very well, it is possible that the process you want to use is in a zombie state. You can see that there is a zombie process with top, for example, but with top you can’t always see which process it is.
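An added example, not from the original post, showing how to pin down which processes are zombies and, more usefully, which parent is failing to reap them. The filter reads a ps listing on stdin so it can be checked against a constructed listing embedded below; on a live system, feed it ps -eo pid,ppid,stat,comm. A zombie has already exited and cannot be killed; what clears it is the parent calling wait(), so the actionable output is the parent PID.

```shell
#!/bin/sh
# Added example: find zombie processes and their parents from ps output.

# Constructed ps -eo pid,ppid,stat,comm listing used by demo and tests.
SAMPLE_PS='  PID  PPID STAT COMMAND
    1     0 Ss   init
 4100     1 S    app-server
 4242  4100 Z    worker
 4243  4100 Z+   worker
 5000     1 R    bash'

# Print one line per zombie (STAT starts with Z). Skips the header row.
find_zombies() {
  awk 'NR > 1 && $3 ~ /^Z/ { printf "pid=%s ppid=%s comm=%s\n", $1, $2, $4 }'
}

# Print the distinct parent PIDs of all zombies: these are the processes
# that are not reaping their children.
zombie_parents() {
  awk 'NR > 1 && $3 ~ /^Z/ { print $2 }' | sort -u
}

# Live variants for a real system.
live_zombies()        { ps -eo pid,ppid,stat,comm | find_zombies; }
live_zombie_parents() { ps -eo pid,ppid,stat,comm | zombie_parents; }

# Ask each offending parent to reap its children. SIGCHLD is harmless to a
# process that handles it properly; if the zombies remain, the parent is
# broken and has to be restarted (init then adopts and reaps the children).
nudge_parents() {
  for ppid in $(live_zombie_parents); do
    kill -CHLD "$ppid" 2>/dev/null || echo "cannot signal $ppid" >&2
  done
}

demo() {
  printf '%s\n' "$SAMPLE_PS" | find_zombies
  printf '%s\n' "$SAMPLE_PS" | zombie_parents
}
```

A handful of zombies is cosmetic; a steadily growing count under one parent is a bug in that daemon (or something it spawned) and will eventually exhaust the PID space, which is a denial of service against the whole host, so alert on the trend rather than on the existence of a zombie.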
The Webalizer is a fast, free web server log file analysis program. It produces highly detailed, easily configurable usage reports in HTML format, for viewing with a standard web browser.
Previously I used the cat command, and recently came across the readom command, which supports error correction when reading from a CD-ROM device. The command cat /dev/cdrom > /home/username/test.iso can be replaced with the right tool for the job: readom dev=/dev/cdrom f=/home/username/test.iso (run as root). You can then write that image back to a disc with wodim -v -eject /home/username/test.iso.