Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.
pam_python.so is not readily available on RHEL systems. Here's how to create an RPM from Russell's tar.gz:
- download pam-python.1.0.4.tar.gz to ~/rpmbuild/SOURCES
- copy/paste pam-python.spec from below in ~/rpmbuild/SPECS/
- copy/paste pam-python-1.0.4-fix-compile-rhel.patch from below in ~/rpmbuild/SOURCES
- rpmbuild -bb ~/rpmbuild/SPECS/pam-python.spec
NOTE: below is an attempt to build a container that can be used as an OS-container instead of an application-container. Like OpenVZ, but by using Docker. Currently this requires running the containers in privileged mode, which doesn't really separate the containers in a secure fashion.
It does result in a container with a public IP address, running systemd, that you can also SSH to
Prerequisites: enable the rhel-7-server-extras-rpms yum repository
Creates a log file for each connecting syslog client, based on IP address. Also takes care of rotating the files, limiting the archive to 5 log files of 100M each. This config is meant to allow a Splunk Universal Forwarder to collect the syslog files, using the following inputs.conf:
[monitor://c:/log/192.168.1.1/*.log]
The install fails with BSOD and "Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for you."
After reboot it returns with the following message: "The computer restarted unexpectedly or encountered an unexpected error. Windows installation cannot proceed. To install Windows, click OK to restart the computer, and then restart the installation.":
[Unit]
After=network.target
Wants=network.target
Description=Splunk Enterprise
[Service]
Type=forking
RemainAfterExit=False
The JSON results of the APT3 evaluations can be found here: Round 1, APT3. For easier Splunking you have to transpose the JSON files from MITRE with the script below. This allows you to perform searches to compare detection results from each EDR vendor.
$ python transpose_mitre_eval.py file_from_mitre.json > better_file_for_splunking.json
MITRE have just published the JSON results of their EDR evaluations simulating APT29. However, this time too their structure makes it difficult to Splunk. Use this Python script for easier Splunking.
$ python transpose_mitre_eval_apt29.py file.json > file_for_splunk.json