
Jorrit Folmer jorritfolmer


Spec file to generate libnss-ato RPMS for RHEL systems

Name:		libnss-ato
Version:	1.0
Release:	1%{?dist}
Summary:	NSS catchall module

Group:		System Environment/Libraries
License:	GPL 2.0
@jorritfolmer
jorritfolmer / rhel7-docker-quickstart.md
Last active January 8, 2016 11:31
Docker on RHEL7 quickstart, the OpenVZ way

Docker on RHEL 7 quickstart

NOTE: below is an attempt to build a container that can be used as an OS container instead of an application container. Like OpenVZ, but using Docker. Currently this requires running the containers in privileged mode, which does not really separate the containers in a secure fashion.

It does result in a container with a public IP address, running systemd, that you can also SSH to.

Prerequisites: enable the rhel-7-server-extras-rpms yum repository

Installation

@jorritfolmer
jorritfolmer / gist:41ffcc3bac7e8693261d
Last active July 6, 2016 06:47
Fix various NASL wrapped scanners in Kali OpenVAS

Kali OpenVAS NVT scanners that are not working by default

Arachni

Arachni could not be found in your system path.
OpenVAS was unable to execute Arachni and to perform the scan you
requested.
Please make sure that Arachni is installed and that arachni is
available in the PATH variable defined for your environment.

Dockerfile

# Well ok CENTOS then
FROM centos:7

# Point to your local repository with Splunk(forwarder)s
RUN echo $'[splunk]\n\
name=Splunk\n\
baseurl=http://repo.testlab.local/splunk\n\
@jorritfolmer
jorritfolmer / gist:bc6374b48bde2ba99f983cc0889da8a9
Last active August 30, 2018 18:01
NXlog config to create a syslog server on Windows

NXlog config to create a syslog server on Windows

Creates a log file for each connecting syslog client, based on IP address. Also takes care of rotating the files, limiting the archive to 5 log files of 100M each. This config is meant to allow a Splunk Universal Forwarder to collect the syslog files, using the following inputs.conf:

inputs.conf (Splunk):

[monitor://c:/log/192.168.1.1/*.log]
[Unit]
After=network.target
Wants=network.target
Description=Splunk Enterprise


[Service]
Type=forking
RemainAfterExit=False
@jorritfolmer
jorritfolmer / gist:e4bfb69b6d609542730b
Last active August 24, 2020 00:28
.spec file to build Russell Stuart's pam-python on RHEL

pam_python.so on RHEL systems

pam_python.so is not readily available on RHEL systems. Here's how to create an RPM from Russell's tar.gz:

  1. download pam-python.1.0.4.tar.gz to ~/rpmbuild/SOURCES
  2. copy/paste pam-python.spec from below in ~/rpmbuild/SPECS/
  3. copy/paste pam-python-1.0.4-fix-compile-rhel.patch from below in ~/rpmbuild/SOURCES
  4. rpmbuild -bb ~/rpmbuild/SPECS/pam-python.spec

pam-python.spec

@jorritfolmer
jorritfolmer / gist:d6713c344e173765b06352b858b186ba
Created October 17, 2020 08:05
Installing MITRE Caldera on RHEL7

Installing MITRE Caldera on RHEL7

Doesn't seem to want to run in a virtualenv, not sure why.

Steps

  1. yum install rh-python36
  2. yum install gcc
  3. scl enable rh-python36 bash
  4. git clone https://github.com/mitre/caldera.git --recursive --branch 2.7.0
@jorritfolmer
jorritfolmer / gist:c421749cd1520b8e2425bd80dc7f25de
Created February 16, 2021 09:09
Regex to parse AWS Route53 DNS logging in Splunk via CloudWatch logs

AWS Route53 DNS logging via CloudWatch Logs

^\S+ \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d+Z \S+ (?<query>\S+) (?<record_type>\S+) (?<reply_code>\S+) (?<transport>\w+) (?<dest>\S+) (?<src>\S+) (?<vendor_edns_client_subnet>\S+)

@jorritfolmer
jorritfolmer / transpose_mitre_eval_apt29.md
Created April 27, 2020 13:19
Transpose MITRE EDR APT29 results for better Splunking

Onboarding MITRE EDR evaluations round 2 (APT29) into Splunk

MITRE have just published the JSON results of their EDR evaluations simulating APT29. However, this time too their structure makes it difficult to Splunk. Use this Python script for easier Splunking.

Usage

$ python transpose_mitre_eval_apt29.py file.json > file_for_splunk.json