Posts

What is a SIEM solution

  What is a SIEM solution I am updating my blog after quite a while and will try to talk about Cyber Security. In today’s blog we are going to talk about a term used commonly in Cyber Security, which is SIEM. SIEM stands for “Security Incident and Event Management” It is a combination of security information management and security event management. SIEM keeps track of the security posture of an organization by collecting security related data of information an organization in form of logs and store them for analysis for upcoming threats and it also monitors the infrastructure of an organization (both on premises and cloud based.) There are different SIEM solutions offered, some of the common and popular ones are Rapid7, Sentinel One, Splunk, ActZero. Most of these solutions can also integrate with next generation EDR/XDR/MDR solutions like Crowd Strike as well. SIEM is the center of organizations security operations (SOC).  Some of the salient features of a...
Post a Comment
Read more

Script to find memory usage on Ubuntu

This simple script will show the total memory, free memory and percentage of memory used. Have tested it on Ubuntu 14/16 but will work on CentOS as well #!/bin/bash freemem=$(($(free -m |grep "buffers/cache:"|awk '{print $4}'))) totalmem=$(($(free -m |awk 'NR==2 {print $2}'))) usage=$(($totalmem-$freemem)) echo "Memory used: $usage" echo "Total memory: $totalmem" usage=$(($usage*100 / $totalmem)) echo "Usage percentage: $usage" echo "Free memory: $freemem" echo "$TIMESTAMP $totalmem $usage $freemem"
Post a Comment
Read more

Outside NAT script on Linux

/sbin/ifconfig eth1:1 202.141.240.174 netmask 255.255.255.248 /sbin/ifconfig eth1:1 up /sbin/iptables -t nat -A PREROUTING -j DNAT -d 202.141.240.174 --to-destination 192.168.0.22 /sbin/iptables -t nat -A POSTROUTING -j SNAT -s 192.168.0.22/32 -d 0/0 --to-source 202.141.240.174 Another useful link http://home1.gte.net/res0psau/security/nat-on-linux.html http://www.cyberciti.biz/faq/linux-demilitarized-zone-howto/
Post a Comment
Read more

Implementation of central authentication from Active Directory for Samba Shares

You have configure Kerberos and Winbind to join Active Directory. Configure Samba to use ADS in globals [global] workgroup = ******* realm = ******.COM.PK server string = ***** security = ADS map to guest = Bad Uid password server = ip adrress of Domain Controller log file = /var/log/samba/log.%m max log size = 50 idmap uid = 100000-200000 idmap gid = 100000-200000 cups options = raw [homes] comment = Home Directories read only = No browseable = No [printers] comment = All Printers path = /var/spool/samba printable = Yes browseable = No [Test] path = /d/infopool valid users = rahat.khan, *******\Administrators, *****\rahat.khan admin users = ******\rahat.khan write list = ******\rahat.khan acl group control = Yes guest ok = yes
Post a Comment
Read more

fwbaackups

fwbackups is a feature-rich user backup program that allows you to backup your documents anytime, anywhere. It is completely free to download and use without any sort of trial or restrictions. In fact, fwbackups is open-source, which means anybody can use, share it and improve it. If you would like to help develop or test fwbackups, see the developer's page. fwbackups offers a simple but powerful interface that permits you to perform backups with ease. With support for scheduled backups and backing up to remote computers, you will never have to worry about losing your data again. For more information, select a page from the menu on the left of this text. fwbackups - Features fwbackups™ has a rich interface that is both powerful and easy to use. Here are just a few of its many features: * Simple interface: Configuring new backups or restoring documents from a previous backup is a breeze. * Cross-platform: It doesn't matter if you're running Microsoft Windows, Mac OS ...
Post a Comment
Read more

How to start Virtual Machines automatically in VirtualBox

Create Config File for vboxcontrol service script # mkdir /etc/virtualbox # touch /etc/virtualbox/machines_enabled The file “machines_enabled” located in “/etc/virtualbox” is where we list the names of the Guest VM’s that we want vboxcontrol to control. To get a list of your current Guest VM names execute the following command and notice the name is in ” “: $ VBoxManage list vms "Windows XP" {5087b02a-5816-4c76-b302-c13175623023} "Windows 7" {bcae660a-f627-46d6-8c95-9da97363eeea} "Windows 2008" {3907173c-cc15-4820-a930-f0bb3c13cb7e} Add Guest VM’s to “machines_enabled” include one VM name per line # vi /etc/virtualbox/machines_enabled Windows XP Windows 7 Windows 2008 Add VirtualBox VM Service script Create new init.d service script file and give execute permissions # touch /etc/init.d/vboxcontrol # chmod 755 /etc/init.d/vboxcontrol Copy the following code into file “/etc/init.d/vboxcontrol” #! /bin/sh # vboxcontrol Startup script for VirtualBox Virtual ...
Post a Comment
Read more

PacketFence

PacketFence is a fully supported, trusted, Free and Open Source network access control (NAC) system. Boasting an impressive feature set including a captive-portal for registration and remediation, centralized wired and wireless management, 802.1X support, layer-2 isolation of problematic devices, integration with the Snort IDS and the Nessus vulnerability scanner; PacketFence can be used to effectively secure networks - from small to very large heterogeneous networks. PacketFence
Post a Comment
Read more