Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?

I had some trouble with Suricata as an IPS with wordpress and dokuwiki. My wordpress was unable to reach wordpress.org and my dokuwiki was unable to reach the plugin/extension store of dokuwiki. While I’m (still) not sure what exactly is causing this, I found a work-around for it.

Continue reading Your site is unable to reach wordpress.org or dokuwiki plugin store through suricata?

Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]

OpenSSH usually comes with a default configuration which provides high compatibility. So even old clients can still connect. However, this compatibility comes at a price because some of the ciphers / algorithms used may be open to vulnerabilities. If you want to strengthen the encryption and get an overview about known vulnarabilities with your OpenSSH Server or Client configuration, ssh-audit is for you.

Continue reading Hardening your OpenSSH Configuration – Do you know about the tool ssh-audit? [updated]

Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it

When I read about paperless-ngx I liked the idea of having all my documents in a central storage so that I could access them from all my devices. Furthermore those documents would be indexed (also using OCR) so that I could search (fulltext) in all of them. Due to the tagging system – if done correctly – exporting all my documents for my yearly tax declaration should just take seconds…

Continue reading Digitization of documents in Linux with paperless-ngx Part 1 – Installing and securing it

Create a suricata rules file using fail2ban

In my last posts I’ve shown a central syslog which feeds fail2ban, suricata as an intrusion prevention system (IPS) and here is the final piece which feeds suricata with the results of fail2ban by creating a .rules file for suricata-update.

Continue reading Create a suricata rules file using fail2ban

Working with suricata

This is a follow up to my last post in which I described how to setup suricata as a IPS which bridges traffic between two interfaces using af-packet (and all that in a virtual machine). Here I’m showing how to work with suricata in general – or rather – how I work with suricata.

Continue reading Working with suricata

Setting up Suricata in Debian Bookworm running in KVM with af-packet as IPS

Suricata is a Network Intrusion Detection and Prevention System as well as a Network Security Monitoring engine. For now I am using Suricata as an IPS and here I’ll show you how to set it up.

Continue reading Setting up Suricata in Debian Bookworm running in KVM with af-packet as IPS

Setup a central logging instance (and use it to block traffic using fail2ban)

A very light-weight approach for storing logs centralized is by just using rsyslog. My virtual machines all use rsyslog. That rsyslog sends it’s logs to another internal virtual machine which runs rsyslog as well. A fail2ban instance is checking all these logs and sending a block command to the firewalls. Here is how.

Continue reading Setup a central logging instance (and use it to block traffic using fail2ban)

Encrypting existing volumes in ZFS using zfs send and zfs recv

Let’s say you want to encrypt your previously not encrypted data – in my example a ZFS pool. A good way to do so is to simply use zfs send and zfs receive. These commands can be used to transfer ZFS data streams. The procedure is pretty simple. Create a snapshot, transfer this snapshot using zfs send and receive it using zfs receive.

Continue reading Encrypting existing volumes in ZFS using zfs send and zfs recv