Informational

First, create a CSR (need to have an openssl.cnf file as a template for required certicate elements)
If creating a wildcard certificate, the CN = *.domain.com

openssl req -new -newkey rsa:2048 -nodes -keyout star.key -out star.csr

The "star.csr" is the CSR, the "star.key" is the private key

Copy "star.key" as a private key name, keep it simple, like pk.domain_com.key

Once you get the certificate's by uploading the CSR to a CA, rename the files to make since.
Typically, they will generate a .CRT and a .P7B file along with CA Bundle.

Create a .CER file (if needed)
openssl pkcs7 -print_certs -in domain_com.p7b -out domain_com.cer

Create a .P12 file (if needed) (Cisco ASA requires a .P12 file)
openssl pkcs12 -export -in domain_com.cer -inkey pk.domain_com.key -out domain_com.p12

Create a .PEM file (if needed) (HAProxy requires a .PEM file)
openssl pkcs7 -print_certs -in domain_com.p7... more

Informational

Step 1: Run command: sudo apt-get install tacacs+

Step 2: Edit the tac_plus.conf file but before that we must backup to original file to refer to in case anything breaks.

Step 3: Create a file on which the accounting information will be written to. This is done with the help of below command.

touch /var/log/tac_plus.acct

Step 5: In this step we will edit the tac_plus.conf file at below location.
sudo nano /etc/tacacs+/tac_plus.conf
The tac_plus.conf file looks like below:

lab@lab_VM1:~$ cat /etc/tacacs+/tac_plus.conf

# Created by Henry-Nicolas Tourneur(henry.nicolas@tourneur.be)

# See man(5) tac_plus.conf for more details

# Define where to log accounting data, this is the default.

accounting file = /var/log/tac_plus.acct

# This is the key that clients have to use to access Tacacs+

key = testing123
# We also can define local users and specify a file whe... more

Informational

On trying to run a PowerShell script from the PowerShell console, I received this error message: “File C:tempscript.ps1 cannot be loaded because running scripts is disabled on this system. For more information, see about_Execution_Policies at https://go.microsoft.com/fwlink/?LinkID=135170.”

Root Cause:

This is due to the Windows PowerShell execution policy being set to prevent untrusted scripts that can affect your Windows client environment. Execution policies are security settings that determine the trust level for scripts run in PowerShell. The default execution policy is “strict” on client operating systems like Windows 10, preventing Windows PowerShell commands and scripts from running.

Set the Execution Policy:

Set the execution Policy with the following command:

PS C:/WINDOWS/system32> Set-ExecutionPolicy RemoteSigned
Type “Y” when prompted to proceed. That’s all! This should solve the issue.<... more

Informational

NAME
       logger - enter messages into the system log

SYNOPSIS
       logger [options] [message]

DESCRIPTION
       logger makes entries in the system log.

       When  the  optional  message  argument is present, it is written to the log.  If it is not
       present, and the -f option is not given either, then standard input is logged.

OPTIONS
       -d, --udp
              Use datagrams (UDP) only.  By default the connection is tried to  the  syslog  port
              defined in /etc/service... more

.

Informational

Make sure you have Docker and docker-compose installed.

Create Docker Volume

Portainer stores information on a Docker volume. Type the following command to create a Docker volume for the Portainer Server:

$ docker volume create portainer_data

Step 2: Install Portainer Server
The latest Portainer Community Edition image is available on Docker Hub. Use the docker run command to pull the image and start a Portainer Server container:

$ docker run -d   -p 9443:9443   --name portainer
--restart unless-stopped
-v data:/data   -v /var/run/docker.sock:/var/run/docker.sock
portainer/portainer-ce:latest

$ docker stop portainer

$ docker start portainer

Informational

Make sure you have Docker and docker-compose installed.

Download Shuffle

$ git clone https://github.com/Shuffle/Shuffle

$ cd Shuffle

Fix prerequisites for the Opensearch database (Elasticsearch):

$ mkdir shuffle-database

$ sudo chown -R 1000:1000 shuffle-database

Run docker-compose.

$ docker-compose up -d

Recommended for Opensearch to work well

$ sudo sysctl -w vm.max_map_count=262144  

.

Informational

A virtual machine fails to power on with the error: Unsupported and/or invalid disk type (1028943).

This issue occurs if a virtual machine that is meant for VMware Hosted products such as VMware Workstation, VMware Player or VMware Fusion is powered-on on an ESX/ESXi host.

Connect to the ESX/ESXi host via SSH.

For more information, see Using Tech Support Mode in ESXi 4.1 and ESXi 5.x (1017910).

Run this command:

vmkfstools -i HostedVirtualDisk ESXVirtualDisk

Where HostedVirtualDisk is the path to the vmdk on the host and ESXVirtualDisk is the vmdk to be output by the command.

For example:

vmkfstools -i /vmfs/volumes/datastore/virtual_machine_folder/virtual_machine.vmdk /vmfs/volumes/datastore/new_virtual_machine_folder/virtual_machine.vmdk

Detach the currently attached VMDK from the virtual machine:

In the vSphere Client or vSphere Web Client, right-click the virtual mac... more

Informational

First, update your system. It’s a good practice to follow before installing anything on your system, just to avoid dependency issues and version incompatibility.

You can do this easily in a terminal:

# apt update
# apt upgrade

Then you’ll also need to install curl on your system if not already there:

# apt install curl

Once your system is ready, the installation can be done with only one command, by copying and pasting this into a terminal:

# curl -sSL https://install.pi-hole.net | bash

Follow the prompts....

Informational

Install Docker Compose

$ sudo apt-get install docker-compose

Clone the repository

$ git clone https://github.com/OpenCTI-Platform/docker.git opencti-docker
$ cd opencti-docker

Configure the environment settings
Before running the docker-compose command, settings must be configured. Copy the sample settings file and change it accordingly to your needs.

$ vi .env

OPENCTI_ADMIN_EMAIL=admin@opencti.io
OPENCTI_ADMIN_PASSWORD=changeme
OPENCTI_ADMIN_TOKEN=ChangeMe_UUIDv4
OPENCTI_BASE_URL=http://localhost:8080
MINIO_ROOT_USER=opencti
MINIO_ROOT_PASSWORD=changeme
RABBITMQ_DEFAULT_USER=opencti
RABBITMQ_DEFAULT_PASS=changeme
CONNECTOR_EXPORT_FILE_STIX_ID=dd817c8b-abae-460a-9ebc-97b1551e70e6
CONNECTOR_EXPORT_FILE_CSV_ID=7ba187fb-fde8-4063-92b5-c3da34060dd7
CONNECTOR_EXPORT_FILE_TXT_ID=ca715d9c-bd64-4351-91db-33a8d728a58b
CONNECTOR_IMPORT_FILE_STIX_ID=72327164-0b35-482b-... more

Informational

First, you need to know the path to the partition (naa.xxxxxx:1). Run the following command to display a list with Volume Name, VMFS UUID and Device Name:

esxcli storage vmfs extent list

[root@ESXi-04:~] esxcli storage vmfs extent list
Volume Name            VMFS UUID                            Extent Number  Device Name                                                               Partition
---------------------  --... more

.

Informational

Here is an example of how to ignore all events that the "message_info" field is equal to "Address spoofing":

props.conf:
[checkpoint:syslog]
TRANSFORMS-null=setnullCheckpoint

transforms.conf
[setnullCheckpoint]
REGEX=message_info="Address spoofing"
DEST_KEY=queue
FORMAT=nullQueue

Informational

The vmk0 is a virtual interface and a MAC address is generated for it when it is created. When the ESXi template is cloned the vmknic and its configuration (Name, MAC, MTU, and IP settings) are also cloned. Accessing ESXi Shell and running esxcfg-vmknic -l will list the configured vmknics and the configurations (including the MAC) of each.

Enable ssh on the host you want to change:

esxcfg-nics -l lists your physical nics on the machine, with their correct macs.
esxcfg-vmknic -l lists the management nics, which are the ones you want to change.

Copy the good macs, then edit /etc/vmware/esx.conf, and scroll down.
Just replace the macs there.

Save the file, then type “dcui” to get to the console screen, login, then simply restart the management network.

Ctrl-C to go back to the shell, and check again esxcfg-nics -l and esxcfg-vmknic -l.

They should be the same.

Informational

Security Onion Update Procedure

soup - Security Onion UPdate
Soup will automatically install all available package updates (from both Ubuntu and Security Onion) and all updated Docker images.

sudo soup

Please pay attention to the output of this command as it may request that you take specific action, such as manually restarting services.

Snort/Suricata
Snort package upgrades will back up each of your existing snort.conf files to snort.conf.bak and migrate your HOME_NET and EXTERNAL_NET variables.

Suricata package upgrades will back up each of your existing suricata.yaml files to suricata.yaml.bak and migrate your HOME_NET and EXTERNAL_NET variables.

You'll then need to do the following:

re-apply any other local customizations to your snort.conf/suricata.yaml file(s)

update ruleset and restart Snort/Suricata as follows:

sudo rule-update

Bro
Bro package upgrades w... more

Informational

I always forget these two commands:

sudo a2enmod ssl
sudo a2enmod rewrite

If needed, generate a self signed certificate:

cd /etc/apache2/certs
openssl req -new -newkey rsa:4096 -x509 -sha256 -day 365 -nodes -out apache.crt -keyout apache.key


Then the standard stuff in sites-enabled.

Informational

1) Create directory in /usr/share/squirrelmail/ for example attach - /usr/share/squirrelmail/attach
2) chmod 733 -R /usr/share/squirrelmail/attach
2) squirrelmail-configure
3) Choose 4(General Options) and press Enter
4) Choose 2(Attachment Directory) and past /usr/share/squirrelmail/attach

Informational

/home/USER/.boot-scripts/screen-off.sh

#!/bin/bash
setterm --blank 1 --powerdown 2
And make script file executable by systemctl. Create file /etc/systemd/system/screen-off.service

[Unit]
Description=Blank screen after 1 min and turn it off after 2 min. Any keypress will turn it back on.
After=ssh.service

[Service]
Type=oneshot
Environment=TERM=linux
StandardOutput=tty
TTYPath=/dev/console
ExecStart=/home/USER/.boot-scripts/screen-off.sh

[Install]
WantedBy=local.target

Make it executable:

#chmod +x /home/USER/.boot-scripts/screen-off.sh
#chmod +x /etc/systemd/system/screen-off.service

And finally get it working and enabled on boot:

#systemctl start screen-off.service
#systemctl enable screen-off.service

To disable it:

#systemctl disable screen-off.service

Informational

Open a terminal and follow these instructions:

1. #sudo -i

2. #touch /etc/apt/sources.list

3. #chmod 644 /etc/apt/sources.list

4. #echo "deb http://http.kali.org/kali kali-rolling main contrib non-free" > /etc/apt/sources.list

5. #apt-key adv --keyserver hkp://keys.gnupg.net --recv-keys 7D8D0BF6

6. #apt update