Content Packs for Graylog
Lately, I have been working with Graylog a lot, so I decided to update a few items on GitHub and update their entries on the Graylog marketplace website.
BRO content pack for Graylog
The BRO IDS content pack contains pipeline rules, a stream, a dashboard displaying interesting activity, and a syslog TCP input to capture and index BRO logs coming from a Security Onion sensor.
Fortinet content pack for Graylog
The Fortigate UTM content pack contains extractors, a stream, a dashboard displaying the last 24 hours of activity, and a syslog TCP input.
rsync is an awesome tool that I have used extensively. However, I think it is time to explore other tools that can replace some of what rsync has been doing for so many years. I’m not saying you should never use rsync. What I am saying is there are other options, and in some circumstances, rsync isn’t the default choice anymore (at least for me).
I went looking for an rsync replacement because I was seeing extremely slow transfer times when moving large data files.
Overview
As with any system running software, you will have to apply patches at some point, and VMware is no different. VMware recommends customers install all security patches to maximize the protection that VMware provides. For a list of all security patches, go to https://my.vmware.com/group/vmware/patch#search and log in with your myvmware credentials.
Once it has been determined patches are available for ESXi, download the offline bundle so they can be pushed out to each VMware host as needed.
Subscription Management using subscription-manager
Register a System
subscription-manager register --username <username> --password <password> --auto-attach
Disable managed yum repositories
subscription-manager config --rhsm.manage_repos=0
Enable a specific channel
subscription-manager repos --enable rhel-6-server-optional-rpms
Sync RHN Profile
rhn-profile-sync
From https://access.redhat.com/solutions/253273
Upgrading the Salt Minion
For installation, follow the instructions on the SaltStack website.
Upgrade the Windows salt-minion
Log in to the salt-master server and cd to the files directory
cd /srv/salt/server-base/files
Download the latest version from the SaltStack Website (https://repo.saltstack.com/)
wget https://repo.saltstack.com/windows/Salt-Minion-2016.11.1-AMD64-Setup.exe
Copy the newest version out to all the Windows servers, targeting by OS and CPU architecture grains
salt -C 'G@os:win* and G@cpuarch:AMD64' cp.get_file 'salt://server-base/files/Salt-Minion-2016.11.1-AMD64-Setup.exe' 'C:\Downloads\Salt-Minion-2016.11.1-AMD64-Setup.exe'
Run the install as a background job so it completes (update salt-master with your salt-master’s DNS name or IP)
Accommodate growth of a VM by expanding an LVM partition
At some point, a "physical volume" may have to be enlarged to accommodate growth on a VM. This is how you grow the filesystem of an existing VMDK without adding an additional disk to your VM.
Enlarging a VMDK
Log in to VMware
Find the VM with the disk that needs to be made larger
Right click and select "Edit Settings"
Find the specific Hard Disk and update the capacity to the desired size
Click "Ok"
Expanding the VM Volume Size
In most cases, the "Physical Volume" information will not be updated automatically.
Configure a Default Zone
This is not meant as a full primer for firewalld. It is just meant to document changing the default zone.
If you are looking for a more in-depth introduction to firewalld, see https://www.hogarthuk.com/?q=node/9
Check available zones
firewall-cmd --get-zones
Check active zone
firewall-cmd --get-active-zones
Get the current zone of an interface (the example below assumes it is in the public zone)
firewall-cmd --get-zone-of-interface=<interface returned from above output>
Check internal zone for existing services
Overview
For anyone that doesn't know, Security Onion is a custom Linux distribution based on Ubuntu that can be used as a Network Intrusion Detection System (NIDS). Security Onion integrates several configurable apps like BRO IDS, Snort, Suricata, and OSSEC, to name a few. By default, there is an integrated ELSA stack that can be configured, which makes SO a pretty interesting one-stop shop for getting your feet wet with IDS technology.