Announcement – I was Recently Published in an Ebook

I am pleased to announced that I was recently published in an ebook, “10 Experts on Active Threat Management”

https://www.countertack.com/ebook-experts-on-active-threat-management

threatmanagement #ebooks

Use ngrep to capture syslog traffic

Instead of using wireshark on Linux to capture traffic try ngrep

# sudo ngrep -d <interface> ‘<search string>’ ‘port 514’

source: http://ngrep.sourceforge.net/usage.html

Export flow logs to an Amazon S3 Bucket

I found the instructions on Amazon’s website to be useless.

This is what worked for me

Define some variables bucket=my-bucket region=us-east-1 log-group-name=primary-nat prefix=my-prefix taskname=my-task start-epoch=1516255200000 end-epoch=1516860000000 Create the bucket aws s3 mb s3://$bucket –region $region Create the Policy cat <<‘EOF’ > ./policy.json { “Version”: “2012-10-17”, “Statement”: [ { “Action”: “s3:GetBucketAcl”, “Effect”: “Allow”, “Resource”: “arn:aws:s3:::replace-bucket”, “Principal”: . . . → Read More: Export flow logs to an Amazon S3 Bucket

How to Install nginx and PHP on CentOS7

Install nginx and PHP on CentOS7

These are some notes from installing nginx on CentOS7

Install some prerequisites sudo yum -y groupinstall “Development tools” sudo yum -y install mlocate sudo yum -y install iptables-services sudo yum -y install php-mysql php-dom sudo yum -y install wget sudo service php-fpm restart Install GeoIP cd /tmp wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz . . . → Read More: How to Install nginx and PHP on CentOS7

iis disable debug

In IIS to disable debug do the following.

Modify the Web.config File Open the Web.config file in a text editor such as Notepad.exe. Web.config file is typically located in the application directory.

Modify the compilation element and set debug=”false”

<compilation debug=”false” />

Save the Web.config file. The ASP.NET application automatically restarts.

Modify the Machine.config file . . . → Read More: iis disable debug

diff two files and output lines not seen in file 2

Problem

You need two diff two files and only output what is unique to file one.

text file 1 contains:

1 2 3 4 5

text file 2 contains:

6 7 1 2 3 4 Solution $ awk ‘FNR==NR{a[$0]++;next}!a[$0]’ file1 file2 6 7

Explanation of how the code works:

If we’re working on file1, track . . . → Read More: diff two files and output lines not seen in file 2

Using lzop on Windows

I wanted a fast way to backup an AppDynamics MySQL database directory on windows. The answer was lzop.

Tools GoW 0.8.0 (GNU on Windows) lzop for Windows Setup Set your Enviornment PATH

After installing GoW and extracting lzop.exe set your environment PATH to include the directory where you extracted lzop.exe

Stop AppDynamics Controller and Database . . . → Read More: Using lzop on Windows

Active Directory Password Expiration Date

To find out the password expiration date for an Active Directory user you must first determine your domain’s password expiration policy and then when the password was last set.

Find your Domain Password Expiration Policy import-module activedirectory Get-ADDefaultDomainPasswordPolicy

Property MaxPasswordAge will tell you the default password expiration policy

Determine Date User Password Was Last Set . . . → Read More: Active Directory Password Expiration Date

IIS7 SNI Rewrite – Howto

Problem

Windows XP Users with IE8 are unable to connect to your Server Name Indication (SNI) enabled Amazon CloudFront distribution.

Solution

Do not rewrite URLs to CloudFront if the user agent indicates a system that does not support SNI.

Example (IIS 7)

Be sure to have the URL Rewrite module installed

URL Rewrite rule precondition . . . → Read More: IIS7 SNI Rewrite – Howto

iis7 insert rewrite rule web.config

To insert a rewrite rule in to a web.config for deployment purposes you need to modify Web.Release.Config

Example <system.webServer> <rewrite xdt:Transform=”Insert”> <outboundRules> <rule name=”Add Cross Origin Access”> <match serverVariable=”RESPONSE_Access_Control_Allow_Origin” pattern=”.*” /> <conditions> <add input=”{REQUEST_URI}” pattern=”.*\.(ttf|otf|eot|woff|svg)\?*.*$” /> </conditions> <action type=”Rewrite” value=”*”/> </rule> </outboundRules> </rewrite> </system.webServer>