
cnit470's Issues

Remove all snapshots

Snapshots now have a maximum time of 48 hours, or will be forcibly removed. We need to remove any we have so far and use clones if we want to achieve a VM backup.

Synchronize time on all machines

In order for the created logs to be more useful, we should synchronize the time on all the machines using NTP. The procedure I would suggest:

  1. Set one of our new VMs to act as a local NTP server, getting its time from other NTP servers.
  2. Have all other machines reference our local NTP server.
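The two steps above give every machine a single local time source; the check that makes the resulting logs trustworthy is whether each host's clock actually agrees with that server. The following is an added example, not code from the cnit470 repository: a minimal SNTP client in the RFC 5905 style that sends one request, validates the reply (mode 4 server response, non-zero stratum, originate timestamp matching what we sent) and computes this host's clock offset and round-trip delay. The hostname `ntp.lab.internal`, the `build_response` helper (used only to construct an offline reply for testing) and the one-second tolerance are assumptions.

```python
import socket
import struct
import time

# Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01).
NTP_DELTA = 2208988800
# 48-byte NTP header: LI/VN/Mode, stratum, poll, precision, then 11 32-bit words
# (root delay, root dispersion, reference id and four 64-bit timestamps).
NTP_PACKET = struct.Struct("!BBBb11I")


def to_ntp(unix_ts):
    """Split a Unix float timestamp into NTP (seconds, fraction) words."""
    secs = int(unix_ts)
    frac = int((unix_ts - secs) * (1 << 32))
    return secs + NTP_DELTA, frac


def from_ntp(secs, frac):
    """Convert NTP (seconds, fraction) words back to a Unix float timestamp."""
    return secs - NTP_DELTA + frac / (1 << 32)


def build_request(t1):
    """Client request (LI=0, version 4, mode 3) carrying t1 as transmit timestamp."""
    secs, frac = to_ntp(t1)
    return NTP_PACKET.pack(0x23, 0, 0, 0, *([0] * 9), secs, frac)


def build_response(t1, t2, t3, stratum=2):
    """Constructed server reply (mode 4) for offline testing only: echoes t1 as the
    originate timestamp and carries the server receive (t2) and transmit (t3) times."""
    fields = [0x24, stratum, 0, 0, 0, 0, 0, 0, 0]  # header, root delay/disp, refid, ref ts
    for ts in (t1, t2, t3):
        fields.extend(to_ntp(ts))
    return NTP_PACKET.pack(*fields)


def parse_response(data, t1_sent, t4):
    """Validate a reply and compute clock offset and round-trip delay (RFC 5905 section 8)."""
    if len(data) < NTP_PACKET.size:
        raise ValueError("short NTP packet")
    f = NTP_PACKET.unpack(data[:NTP_PACKET.size])
    mode, stratum = f[0] & 0x07, f[1]
    if mode != 4:
        raise ValueError("not a server reply (mode %d)" % mode)
    if stratum == 0:
        raise ValueError("kiss-o'-death or unsynchronised server")
    if (f[9], f[10]) != to_ntp(t1_sent):
        raise ValueError("originate timestamp does not match our request")
    t1 = from_ntp(f[9], f[10])   # our transmit time, as echoed by the server
    t2 = from_ntp(f[11], f[12])  # server receive time
    t3 = from_ntp(f[13], f[14])  # server transmit time
    offset = ((t2 - t1) + (t3 - t4)) / 2
    delay = (t4 - t1) - (t3 - t2)
    return {"offset": offset, "delay": delay, "stratum": stratum}


def query(server, port=123, timeout=2.0):
    """Send one SNTP query and return offset/delay of the local clock relative to server."""
    t1 = time.time()
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(build_request(t1), (server, port))
        data, _ = sock.recvfrom(512)
    t4 = time.time()
    return parse_response(data, t1, t4)


def clock_ok(result, max_offset=1.0):
    """True when this host's clock is within max_offset seconds of the server."""
    return abs(result["offset"]) <= max_offset


if __name__ == "__main__":
    # Hypothetical name for the local NTP server from step 1; replace with yours.
    r = query("ntp.lab.internal")
    print("offset %+.4fs delay %.4fs stratum %d -> %s"
          % (r["offset"], r["delay"], r["stratum"], "OK" if clock_ok(r) else "DRIFT"))
```

Run it on each VM against the local server after step 2; a host whose offset stays above the tolerance will have log timestamps that cannot be lined up with the others, which is exactly what the synchronisation is meant to prevent.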

Index.html connection refusing

Finished everything else left for nginx.

There was an issue with index.html for 5.2.1 where the connection keeps refusing; not sure what's going on.

Cannot `yum update` on new CentOS machine

When running sudo yum update for the first time on the new CentOS machine the relevant output was:

Not using downloaded base/repomd.xml because it is older than what we have:
  Current   : Thu May  3 20:17:37 2018
  Downloaded: Tue Aug  4 14:22:51 2009

...

Not using downloaded extras/repomd.xml because it is older than what we have:
  Current   : Tue Oct  2 14:47:48 2018
  Downloaded: Sun May 15 13:41:21 2011

...

Error: Package: centos-release-scl-rh-2-2.el7.centos.noarch (@extras)
           Requires: system-release
           Removing: centos-release-7-5.1804.4.el7.centos.x86_64 (@CentOS-Updates)
               system-release = 7.5-8
           Updated By: 6:centos-release-4-9.1.x86_64 (update)
               Not found
           Available: centos-release-7-5.1804.el7.centos.x86_64 (base)
               system-release = 7.5-8
           Available: 6:centos-release-4-9.x86_64 (update)
               Not found
Error: Package: setup-2.8.71-9.el7.noarch (@anaconda)
           Requires: system-release
           Removing: centos-release-7-5.1804.4.el7.centos.x86_64 (@CentOS-Updates)
               system-release = 7.5-8
           Updated By: 6:centos-release-4-9.1.x86_64 (update)
               Not found
           Available: centos-release-7-5.1804.el7.centos.x86_64 (base)
               system-release = 7.5-8
           Available: 6:centos-release-4-9.x86_64 (update)
               Not found
Error: Package: grubby-8.28-23.el7.x86_64 (@anaconda)
           Requires: system-release
           Removing: centos-release-7-5.1804.4.el7.centos.x86_64 (@CentOS-Updates)
               system-release = 7.5-8
           Updated By: 6:centos-release-4-9.1.x86_64 (update)
               Not found
           Available: centos-release-7-5.1804.el7.centos.x86_64 (base)
               system-release = 7.5-8
           Available: 6:centos-release-4-9.x86_64 (update)
               Not found
Error: initscripts conflicts with 6:centos-release-4-9.1.x86_64

Cannot `yum update`

When trying to run sudo yum update there are the following errors:

Error: Package: python-linux-procfs-0.4.9-5.el6.noarch (base)
           Requires: python(abi) = 2.6
           Installed: python-2.7.5-69.el7_5.x86_64 (@CentOS-Updates)
               python(abi) = 2.7
               python(abi) = 2.7
           Available: python-2.6.6-66.el6_8.x86_64 (base)
               python(abi) = 2.6
           Available: python-2.6.6-68.el6_10.x86_64 (update)
               python(abi) = 2.6
           Available: python34-3.4.10-8.el7.x86_64 (epel)
               python(abi) = 3.4
Error: Package: libquadmath-devel-4.8.5-28.el7_5.1.x86_64 (@updates)
           Requires: libquadmath = 4.8.5-28.el7_5.1
           Removing: libquadmath-4.8.5-28.el7_5.1.x86_64 (@updates)
               libquadmath = 4.8.2-16.el7_5
               libquadmath = 4.8.5-28.el7_5.1
           Updated By: libquadmath-8.2.1-1.3.1.el6_10.x86_64 (update)
               libquadmath = 8.2.1-1.3.1.el6_10
           Available: libquadmath-7.2.1-1.2.1.el6.i686 (base)
               libquadmath = 7.2.1-1.2.1.el6
Error: Package: gcc-gfortran-4.8.5-28.el7_5.1.x86_64 (@updates)
           Requires: libquadmath = 4.8.5-28.el7_5.1
           Removing: libquadmath-4.8.5-28.el7_5.1.x86_64 (@updates)
               libquadmath = 4.8.2-16.el7_5
               libquadmath = 4.8.5-28.el7_5.1
           Updated By: libquadmath-8.2.1-1.3.1.el6_10.x86_64 (update)
               libquadmath = 8.2.1-1.3.1.el6_10
           Available: libquadmath-7.2.1-1.2.1.el6.i686 (base)
               libquadmath = 7.2.1-1.2.1.el6
Error: Package: 2:vim-enhanced-7.4.629-5.el6_10.2.x86_64 (update)
           Requires: perl(:MODULE_COMPAT_5.10.1)
           Available: 4:perl-5.10.1-144.el6.x86_64 (base)
               perl(:MODULE_COMPAT_5.10.1)
           Installed: 4:perl-5.16.3-292.el7.x86_64 (@anaconda)
              ~perl(:MODULE_COMPAT_5.16.0)
              ~perl(:MODULE_COMPAT_5.16.1)
              ~perl(:MODULE_COMPAT_5.16.2)
              ~perl(:MODULE_COMPAT_5.16.3)
Error: Package: satyr-0.16-2.el6.x86_64 (base)
           Requires: librpm.so.1()(64bit)
           Available: rpm-libs-4.8.0-59.el6.x86_64 (base)
               librpm.so.1()(64bit)
           Installed: rpm-libs-4.11.3-32.el7.x86_64 (@anaconda)
              ~librpm.so.3()(64bit)
Error: Package: libgfortran-4.8.5-28.el7_5.1.x86_64 (@updates)
           Requires: libquadmath = 4.8.5-28.el7_5.1
           Removing: libquadmath-4.8.5-28.el7_5.1.x86_64 (@updates)
               libquadmath = 4.8.2-16.el7_5
               libquadmath = 4.8.5-28.el7_5.1
           Updated By: libquadmath-8.2.1-1.3.1.el6_10.x86_64 (update)
               libquadmath = 8.2.1-1.3.1.el6_10
           Available: libquadmath-7.2.1-1.2.1.el6.i686 (base)
               libquadmath = 7.2.1-1.2.1.el6
Error: Package: grep-2.20-6.el6.x86_64 (base)
           Requires: libpcre.so.0()(64bit)
           Available: pcre-7.8-7.el6.x86_64 (base)
               libpcre.so.0()(64bit)
           Installed: pcre-8.32-17.el7.x86_64 (@anaconda)
              ~libpcre.so.1()(64bit)
              ~libpcre16.so.0()(64bit)
              ~libpcre32.so.0()(64bit)
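Both `yum update` reports above list candidate packages whose release tag is el6 (for example python-2.6.6-66.el6_8 offered by base and update) on a host whose installed packages carry el7. As an added example, not code from the cnit470 repository, the script below parses yum's "Error: Package:" dependency output, infers the installed dist tag from the Installed/Removing entries, and lists the foreign-tagged candidates together with the repositories that offered them, which is the quickest way to see which repo definitions need inspecting. SAMPLE is an excerpt of the output quoted above; the function names are my own.

```python
import re
from collections import Counter

# Excerpt of the yum output quoted in the issue above (constructed test input).
SAMPLE = """\
Error: Package: python-linux-procfs-0.4.9-5.el6.noarch (base)
           Requires: python(abi) = 2.6
           Installed: python-2.7.5-69.el7_5.x86_64 (@CentOS-Updates)
               python(abi) = 2.7
           Available: python-2.6.6-66.el6_8.x86_64 (base)
               python(abi) = 2.6
           Available: python-2.6.6-68.el6_10.x86_64 (update)
               python(abi) = 2.6
Error: Package: grep-2.20-6.el6.x86_64 (base)
           Requires: libpcre.so.0()(64bit)
           Available: pcre-7.8-7.el6.x86_64 (base)
               libpcre.so.0()(64bit)
           Installed: pcre-8.32-17.el7.x86_64 (@anaconda)
              ~libpcre.so.1()(64bit)
"""

# "Error: Package: <nevra> (<repo>)" opens each dependency problem.
ERROR_RE = re.compile(r"^Error: Package: (?P<nevra>\S+) \((?P<repo>[^)]+)\)")
# Indented "Installed:/Removing:/Available:/Updated By: <nevra> (<repo>)" lines follow it.
ENTRY_RE = re.compile(
    r"^\s+(?P<kind>Installed|Removing|Available|Updated By): (?P<nevra>\S+) \((?P<repo>[^)]+)\)"
)
# Dist tag inside the release field, e.g. ".el6_8" -> "el6", ".el7_5" -> "el7".
DIST_RE = re.compile(r"\.(el\d+)")


def parse_yum_errors(text):
    """Return (kind, nevra, repo, dist) tuples for every package mentioned in the output.

    kind is "Error" for the package yum could not resolve, otherwise the label yum
    printed; dist is None when the NEVRA carries no elN tag."""
    entries = []
    for line in text.splitlines():
        m = ERROR_RE.match(line)
        kind = "Error"
        if not m:
            m = ENTRY_RE.match(line)
            if not m:
                continue  # Requires:/provides lines carry no package+repo pair
            kind = m.group("kind")
        nevra, repo = m.group("nevra"), m.group("repo")
        d = DIST_RE.search(nevra)
        entries.append((kind, nevra, repo, d.group(1) if d else None))
    return entries


def infer_installed_dist(entries):
    """Most common dist tag among packages yum says are installed on this host."""
    counts = Counter(dist for kind, _, _, dist in entries
                     if kind in ("Installed", "Removing") and dist)
    return counts.most_common(1)[0][0] if counts else None


def find_foreign_packages(text, expected_dist=None):
    """Packages whose dist tag differs from the installed release (or expected_dist)."""
    entries = parse_yum_errors(text)
    expected = expected_dist or infer_installed_dist(entries)
    return [e for e in entries if e[3] and e[3] != expected]


def repos_offering_foreign(text, expected_dist=None):
    """Enabled repositories (not '@installed-from' markers) that offered foreign packages."""
    return sorted({repo for _, _, repo, _ in find_foreign_packages(text, expected_dist)
                   if not repo.startswith("@")})


if __name__ == "__main__":
    installed = infer_installed_dist(parse_yum_errors(SAMPLE))
    print("installed release tag:", installed)
    for kind, nevra, repo, dist in find_foreign_packages(SAMPLE):
        print("  %-10s %-45s from %-8s tagged %s" % (kind, nevra, repo, dist))
    print("repositories to inspect:", ", ".join(repos_offering_foreign(SAMPLE)))
```

Feed it the full output with `sudo yum update 2>&1 | python3 yum_dist_check.py` (after replacing SAMPLE with `sys.stdin.read()`); the repository names it prints are the ones whose baseurl or mirrorlist should be compared against the release in /etc/centos-release.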

HIDS clients won't connect

Running sudo /var/ossec/bin/manage_agents, and listing agents, we see all agents are added:

Available agents: 
   ID: 001, Name: Centos7_F21, IP: 10.51.20.10
   ID: 004, Name: Win2008_F21, IP: 10.51.20.40
   ID: 007, Name: Win10, IP: 10.51.20.70
   ID: 005, Name: Win2019, IP: 10.51.20.50
   ID: 002, Name: Debian9_F21, IP: 10.51.20.20
   ID: 003, Name: Ubuntu_F21, IP: 10.51.20.30

To check if an agent is connected, we run sudo /var/ossec/bin/agent_control -i 004 which reports:

OSSEC HIDS agent_control. Agent information:
   Agent ID:   004
   Agent Name: Win2008_F21
   IP address: 10.51.20.40/32
   Status:     Never connected

   Operating system:    Unknown
   Client version:      Unknown
   Last keep alive:     Unknown

   Syscheck last started  at: Unknown
   Rootcheck last started at: Unknown

The key is added on Win2008, and the agent is running.

Error when importing OSSEC key

Paste it here (or '\q' to quit): MDAyIERlYmlhbjlfRjIxIDEwLjUxLjIwLjIwIGEwYjE3YjRkODkyNzg1ODc1YmMzMmFlMDYyODZhZjgwZTg5ZWIxZTFhOGViNDEwYTAyMGEzNWY5MzlkMGUwMzk=

Agent information:
   ID:002
   Name:Debian9_F21
   IP Address:10.51.20.20

Confirm adding it?(y/n): y
2021/10/30 14:51:50 manage_agents: ERROR: Cannot unlink /queue/rids/sender: No such file or directory
Added.
** Press ENTER to return to the main menu.

MariaDB stopped

sudo systemctl restart mariadb
Job for mariadb.service failed because the control process exited with error code. See "systemctl status mariadb.service" and "journalctl -xe" for details.

Port for logstash is closed even though service is running

Running nmap 10.51.20.61 -p- gives:

Nmap scan report for 10.51.20.61
Host is up (0.00031s latency).
Not shown: 65531 filtered ports
PORT     STATE  SERVICE
80/tcp   open   http
443/tcp  closed https
5044/tcp closed lxi-evntsvc
5601/tcp closed esmagent
