da_667 da667
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| [Unit] | |
| Description=Snort Daemon | |
| After=syslog.target network.target | |
| [Service] | |
| Type=simple | |
| ProtectHome=true | |
| ProtectKernelTunables=true | |
| ProtectKernelModules=true | |
| ProtectControlGroups=true |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --These configuration lines will perform the following tasks: | |
| --enables the built-in preproc rules, and snort.rules file | |
| --enables hyperscan as the search engine for pattern matching | |
| --enables the IP reputation blocklist | |
| --enables JSON alerting for snort alerts | |
| --enables appid, the appid listener, and logging appid events. | |
| ips = | |
| { | |
| enable_builtin_rules = true, |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| LightSPD_ruleset = true | |
| oinkcode = [your oinkcode here] | |
| snort_blocklist = true | |
| et_blocklist = true | |
| blocklist_path = /usr/local/etc/lists/default.blocklist | |
| pid_path = /var/log/snort/snort.pid | |
| ips_policy = security | |
| rule_mode = simple | |
| rule_path = /usr/local/etc/rules/snort.rules | |
| local_rules = /usr/local/etc/rules/local.rules |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host siem | |
| Hostname 172.16.1.3 | |
| User ayy | |
| Host siemroot | |
| Hostname 172.16.1.3 | |
| User root | |
| Host ips | |
| HostName 172.16.1.4 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host bastion_host | |
| Hostname 10.0.0.162 | |
| User ayy | |
| LocalForward 9000 172.16.1.3:22 | |
| LocalForward 9001 172.16.1.4:22 | |
| LocalForward 9002 172.16.2.2:22 | |
| DynamicForward 9003 | |
| Host bastion_host_root | |
| Hostname 10.0.0.162 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host bastion_host | |
| Hostname 10.0.0.163 | |
| User ayy | |
| LocalFoward 9000 172.16.1.3:22 | |
| LocalFoward 9001 172.16.1.4:22 | |
| LocalFoward 9002 172.16.2.2:22 | |
| DynamicFoward 9003 | |
| Host siem | |
| Hostname 127.0.0.1 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Host siem | |
| Hostname 172.16.1.3 | |
| User ayy | |
| Host ips | |
| HostName 172.16.1.4 | |
| User ayy | |
| Host kali | |
| HostName 172.16.2.2 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #updater.sh - Weekly update script | |
| #checks for updates, downloads them, then reboots the system. | |
| #place this script in /etc/cron.weekly, ensure it is owned by root (chown root:root /etc/cron.weekly/updater) | |
| #ensure the script execute permissions (chmod 700 /etc/cron.weekly/updater) | |
| #if you want updates to run once daily or monthly, you could also place this script into cron.daily, or cron.weekly. | |
| #alternatively, edit /etc/crontab to create a crontab entry. | |
| export DEBIAN_FRONTEND=noninteractive | |
| apt-get -q update | |
| apt-get -y -q dist-upgrade |
da667
/ flightcheck-Linux.sh
Last active
January 26, 2021 20:46
equivalent of the flightcheck-OSX.sh script. Checks to see if vmnet1 (vmware workstation pro) or vboxnet0 (virtualbox) exists, sets its IP to 172.16.1.2/24, then creates a route to 172.16.2.0 via 172.16.1.1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #This script is meant for VMware Workstation Professional, or Oracle Virtualbox users on most modern Linux Distributions. | |
| #Ensure that the Linux distro you will be running this on has the ip [addr/route] command available. | |
| #This script checks for the existence of the interface vmnet1 (vmware workstation) or vboxnet0 (virtualbox) | |
| #and will assign the IP address 172.16.1.2 to the first interface it finds. The script will check to see if vmnet1 exists, then check for vboxnet0 | |
| #if neither interface exists, the script will fail. | |
| #after setting the IP address, the script attempts to add a static route to the 172.16.2.0 network via 172.16.1.1 (LAN interface of the pfSense VM) | |
| #Note: If you are using alternative networks for your lab other than 172.16.1.0/24, and 172.16.2.0/24, you will have to modify the ip route and ip addr add statements on lines 42, 55, and 75 on your own to reflect your lab network properly. You may also want to change the echo statements on lines 41, 44, 56, 58, 73, and 80 if you c |
da667
/ FlightCheck-OSX.sh
Last active
August 24, 2022 10:57
This is a shell script for readers of Building Virtual Labs : A Hands-On Guide, or students of the Building Virtual Labs video training. This script will check to see if the interfaces vmnet2 or vboxnet0 exist. If either does, it configures the IP to 172.16.2.0 and the netmask to 255.255.255.0, then sets up a static route to 172.16.2.0/24 via 17…
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/bash | |
| #This script is meant for VMware Fusion Professional, or Oracle Virtualbox users on OSX | |
| #This script checks for the existence of the interface vmnet2 (vmware fusion) or vboxnet0 (virtualbox) | |
| #and will assign the IP address 172.16.1.2 to the first interface it finds. The script will check to see if vmnet2 exists, then check for vboxnet0 | |
| #if neither interface exists, the script will fail. | |
| #after setting the IP address, the script attempts to add a static route to the 172.16.2.0 network via 172.16.1.1 (LAN interface of the pfSense VM) | |
| #Note: If you are using alternative networks for your lab other than 172.16.1.0/24, and 172.16.2.0/24, you will have to modify the route, and ifconfig statements on lines 38, 50, and 69 on your own to reflect your "Management" and "IPS" networks. | |
| ### Notifying users to have VMs up and running ### |
NewerOlder