eBPF bypass with Suricata 7.0.2 in Debian 12 Bookworm

This does not work out-of-the-box currently. I saw a bug report that the currently shipped .bpf files are not working with current libbpf (version >1.0). However, here’s how you can compile them yourself.

Continue reading eBPF bypass with Suricata 7.0.2 in Debian 12 Bookworm

Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?

I had some trouble with Suricata as an IPS with wordpress and dokuwiki. My wordpress was unable to reach wordpress.org and my dokuwiki was unable to reach the plugin/extension store of dokuwiki. While I’m (still) not sure what exactly is causing this, I found a work-around for it.

Continue reading Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?

Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]

OpenSSH usually comes with a default configuration which provides high compatibility. So even old clients can still connect. However, this compatibility comes at a price because some of the ciphers / algorithms used may be open to vulnerabilities. If you want to strengthen the encryption and get an overview about known vulnarabilities with your OpenSSH Server or Client configuration, ssh-audit is for you.

Continue reading Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]

Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it

When I read about paperless-ngx I liked the idea of having all my documents in a central storage so that I could access them from all my devices. Furthermore those documents would be indexed (also using OCR) so that I could search (fulltext) in all of them. Due to the tagging system – if done correctly – exporting all my documents for my yearly tax declaration should just take seconds…

Continue reading Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it

Create a suricata rules file using fail2ban

In my last posts I’ve shown a central syslog which feeds fail2ban, suricata as an intrusion prevention system (IPS) and here is the final piece which feeds suricata with the results of fail2ban by creating a .rules file for suricata-update.

Continue reading Create a suricata rules file using fail2ban

Working with suricata

This is a follow up to my last post in which I described how to setup suricata as a IPS which bridges traffic between two interfaces using af-packet (and all that in a virtual machine). Here I’m showing how to work with suricata in general – or rather – how I work with suricata.

Continue reading Working with suricata

Setting up Suricata in Debian Bookworm running in KVM with af-packet as IPS

Suricata is a Network Intrusion Detection and Prevention System as well as a Network Security Monitoring engine. For now I am using Suricata as an IPS and here I’ll show you how to set it up.

Continue reading Setting up Suricata in Debian Bookworm running in KVM with af-packet as IPS