Posts By Aaron

Configuring an IPsec Tunnel Between Cisco Routers

Here is a general guide to creating an IPsec tunnel between two Cisco routers. The same concepts apply to other devices, but the configuration on those devices may differ slightly.

Basic Configuration of Routers

  • Assign IP Addresses: Ensure both routers have IP Addresses assigned to their interfaces
  • Configure Routing: Setup Routing (static or dynamic) so the routers know how to reach each other.

Configure ISAKMP (IKE) Policy

ISAKMP (Internet Security Association and Key Management Protocol) policies define how the routers establish the Phase 1 security associations (SAs).

  • Set ISAKMP Policy: Define encryption (AES/3DES), hash (SHA, MD5), authentication (pre-shared keys), group (Diffie-Hellman group), and lifetime values.
R1(config)# crypto isakmp policy 10
R1(config-isakmp)# encryption aes
R1(config-isakmp)# hash sha
R1(config-isakmp)# authentication pre-share
R1(config-isakmp)# group 2
R1(config-isakmp)# lifetime 3600

Configure ISAKMP Key

  • Pre-shared key: define a pre-shared key that will be used by both routers.
R1(config)# crypto isakmp key [key] address [peer IP address]

Configure IPSec Transform Set

The transform set defines the encryption and authentication methods used in Phase 2

  • Define transform set: Choose the ESP (Encapsulating Security Payload) encryption and authentication method.
R1(config)# crypto ipsec transform-set MYSET esp-aes esp-sha-hmac 

Configure Crypto ACL

Define “WHAT” traffic will be encrypted.

  • Access Control List (ACL): Specify the traffic to be protected.
R1(config)# access-list 100 permit ip [local subnet] [local subnet mask] [remote subnet] [remote subnet mask]

Configure Crypto Map

The crypto map binds the previous elements together and applies them to the interface.

  • Create crypto map: Associate the ISAKMP policy, transform set, peer and ACL.
R1(config)# crypto map MYMAP 10 ipsec-isakmp
R1(config-crypto-map)# set peer [peer IP address]
R1(config-crypto-map)# set transform-set MYSET
R1(config-crypto-map)# match address 100

Apply Crypto Map to the Interface

  • Bind to the Interface: Apply the crypto map to the interface facing the remote site.
R1(config)# interface [interface type/number]
R1(config-if)# crypto map MYMAP

Verification

  • Verify configuration: Use commands such as “show crypto isakmp sa” and “show crypto ipsec sa” to check the status of the tunnels.

This is a very generic guide to establishing an IPsec tunnel between two Cisco routers; your requirements might be different. Thanks for reading and leave a comment to hack the WordPress gods.
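The guide above only shows the R1 side, and the most common reason Phase 2 never comes up is that the two crypto ACLs are not exact mirror images of each other. The Python below is an added example (mine, not code from the post or from Cisco) that renders the configuration for both ends from one description of each site, using the policy values shown above, and then checks that the two ACLs mirror each other. The site addresses, subnets and helper names (Site, render_side, check_mirror) are assumptions for illustration.

```python
import ipaddress
import re
from dataclasses import dataclass
from typing import List, Tuple

# Hypothetical data model for one end of the tunnel (names are this example's own).
@dataclass(frozen=True)
class Site:
    hostname: str
    wan_ip: str      # address the other side peers against
    lan: str         # protected subnet in CIDR notation
    interface: str   # WAN interface the crypto map is applied to


def wildcard(net: ipaddress.IPv4Network) -> str:
    """IOS access-lists take wildcard masks, i.e. the inverted netmask."""
    return str(net.hostmask)


def render_side(local: Site, remote: Site, psk: str,
                acl_number: int = 100, seq: int = 10) -> List[str]:
    """Render the IOS configuration lines for `local`, peering with `remote`.
    Policy values (aes / sha / pre-share / group 2 / 3600 s) are the ones from the post."""
    lnet = ipaddress.ip_network(local.lan)
    rnet = ipaddress.ip_network(remote.lan)
    return [
        f"hostname {local.hostname}",
        "crypto isakmp policy 10",
        " encryption aes",
        " hash sha",
        " authentication pre-share",
        " group 2",
        " lifetime 3600",
        f"crypto isakmp key {psk} address {remote.wan_ip}",
        "crypto ipsec transform-set MYSET esp-aes esp-sha-hmac",
        # The crypto ACL names local -> remote traffic; the far end must name the reverse.
        f"access-list {acl_number} permit ip {lnet.network_address} {wildcard(lnet)} "
        f"{rnet.network_address} {wildcard(rnet)}",
        f"crypto map MYMAP {seq} ipsec-isakmp",
        f" set peer {remote.wan_ip}",
        " set transform-set MYSET",
        f" match address {acl_number}",
        f"interface {local.interface}",
        " crypto map MYMAP",
    ]


_ACL = re.compile(r"^access-list \d+ permit ip (\S+) (\S+) (\S+) (\S+)$")


def crypto_acl(config: List[str]) -> Tuple[str, str, str, str]:
    """Return (src, src_wildcard, dst, dst_wildcard) of the first crypto ACL entry."""
    for line in config:
        m = _ACL.match(line)
        if m:
            return m.groups()
    raise ValueError("no crypto ACL found")


def check_mirror(cfg_a: List[str], cfg_b: List[str]) -> bool:
    """True when B's crypto ACL protects exactly the reverse of A's."""
    src, src_wc, dst, dst_wc = crypto_acl(cfg_a)
    return crypto_acl(cfg_b) == (dst, dst_wc, src, src_wc)


# Constructed example sites using documentation address ranges, not real hosts.
R1 = Site("R1", "203.0.113.1", "10.1.0.0/16", "GigabitEthernet0/0")
R2 = Site("R2", "198.51.100.2", "10.2.0.0/24", "GigabitEthernet0/0")

if __name__ == "__main__":
    psk = "REPLACE_WITH_A_STRONG_PSK"   # placeholder; both sides must use the same key
    r1_cfg = render_side(R1, R2, psk)
    r2_cfg = render_side(R2, R1, psk)
    print("\n".join(r1_cfg), "\n")
    print("\n".join(r2_cfg), "\n")
    print("crypto ACLs mirror each other:", check_mirror(r1_cfg, r2_cfg))
```

Paste each rendered block into the matching router; if check_mirror ever reports False after you have hand-edited one side, the interesting traffic definitions no longer agree and Phase 2 will fail with a proxy identity mismatch.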

Configuring DHCP on a Cisco Switch

Today we are going to create a DHCP pool, specifying the required parameters for an example network.

  • First, we need to establish a connection to the switch via Telnet, SSH or a console cable.
Switch> enable
Password: [Enter your password]
  • Second, now that we are in privileged EXEC mode, we enter global configuration mode.
Switch# configure terminal
Switch(config)#
  • Third, we create a DHCP pool by name and then assign our network address and subnet mask. You will want to replace [POOL_NAME], [NETWORK_ADDRESS] and [SUBNET_MASK] with your own options.
Switch(config)# ip dhcp pool [POOL_NAME]
Switch(dhcp-config)# network [NETWORK_ADDRESS] [SUBNET_MASK]
  • Our fourth step is assigning a default router (gateway) and DNS server options.
Switch(dhcp-config)# default-router [ROUTER_ADDRESS]
Switch(dhcp-config)# dns-server [DNS_SERVER1_ADDRESS] [DNS_SERVER2_ADDRESS]

Just like above you will want to replace [ROUTER_ADDRESS], [DNS_SERVER1_ADDRESS] and [DNS_SERVER2_ADDRESS] options with your own parameters.

  • Optionally, we might want to specify a domain name and lease duration, and possibly exclude some IP addresses from the network you configured.
Switch(dhcp-config)# domain-name [YOUR_DOMAIN_NAME]
Switch(dhcp-config)# lease [DAYS] [HOURS] [MINUTES]
Switch(config)# ip dhcp excluded-address [START_IP_ADDRESS] [END_IP_ADDRESS]

Remember to replace the objects in [ ] with your own options.

Below you will find an example of all the options with a realistic configuration for a small local network.

Switch(config)# ip dhcp pool Unreal_DHCP
Switch(dhcp-config)# network 192.168.1.0 255.255.255.0
Switch(dhcp-config)# default-router 192.168.1.1
Switch(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
Switch(dhcp-config)# domain-name unreallabs.local
Switch(dhcp-config)# lease 1 0 0
Switch(dhcp-config)# exit
Switch(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
Switch(config)# end
Switch# write memory

After these steps, the switch will now serve DHCP requests with the defined configurations. Please note that for a switch to effectively act as a DHCP server, it must have IP routing capabilities or be a multi-layer switch. I have also posted a video from our YouTube channel @unreal-labs. Thanks for reading and check back in soon!
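A pool that works is not necessarily a pool that is safe: if the gateway (or any other static host) sits inside the range and is not excluded, the switch will eventually lease that address to a client and you get an IP conflict. The Python below is an added example (mine, not from the post or from Cisco) that reads the pool lines exactly as they appear in the example above, prompts included, and reports the number of assignable addresses plus any such problem. The helper names (parse_pool, check_pool) and the second, deliberately broken sample are assumptions for illustration.

```python
import ipaddress
from typing import Dict, List, Set, Tuple

# Constructed sample: the pool from the post, prompts left in so the parser
# copes with pasted terminal output.
SAMPLE = """\
Switch(config)# ip dhcp pool Unreal_DHCP
Switch(dhcp-config)# network 192.168.1.0 255.255.255.0
Switch(dhcp-config)# default-router 192.168.1.1
Switch(dhcp-config)# dns-server 8.8.8.8 8.8.4.4
Switch(dhcp-config)# domain-name unreallabs.local
Switch(dhcp-config)# lease 1 0 0
Switch(dhcp-config)# exit
Switch(config)# ip dhcp excluded-address 192.168.1.1 192.168.1.10
Switch(config)# end
Switch# write memory
"""

# Constructed variant where the exclusion no longer covers the gateway (.1).
BAD_SAMPLE = SAMPLE.replace("excluded-address 192.168.1.1 192.168.1.10",
                            "excluded-address 192.168.1.2 192.168.1.10")


def parse_pool(config: str) -> Dict:
    """Extract network, default-router, dns-server and excluded ranges from IOS lines."""
    pool: Dict = {"excluded": []}
    for raw in config.splitlines():
        # Strip an IOS prompt such as 'Switch(dhcp-config)# ' if present.
        line = raw.split("#", 1)[1] if "#" in raw else raw
        parts = line.split()
        if not parts:
            continue
        if parts[0] == "network" and len(parts) == 3:
            pool["network"] = ipaddress.ip_network(f"{parts[1]}/{parts[2]}", strict=False)
        elif parts[0] == "default-router":
            pool["router"] = ipaddress.ip_address(parts[1])
        elif parts[0] == "dns-server":
            pool["dns"] = [ipaddress.ip_address(p) for p in parts[1:]]
        elif parts[:3] == ["ip", "dhcp", "excluded-address"]:
            start = ipaddress.ip_address(parts[3])
            end = ipaddress.ip_address(parts[4]) if len(parts) > 4 else start
            pool["excluded"].append((start, end))
    return pool


def excluded_set(pool: Dict) -> Set[ipaddress.IPv4Address]:
    """Expand every excluded-address range into the individual addresses it covers."""
    out: Set[ipaddress.IPv4Address] = set()
    for start, end in pool["excluded"]:
        out.update(ipaddress.ip_address(i) for i in range(int(start), int(end) + 1))
    return out


def check_pool(pool: Dict) -> Tuple[int, List[str]]:
    """Return (assignable address count, list of problems found)."""
    net = pool["network"]
    excluded = excluded_set(pool)
    problems: List[str] = []
    router = pool.get("router")
    if router is None:
        problems.append("no default-router configured")
    elif router not in net:
        problems.append(f"default-router {router} is outside {net}")
    elif router not in excluded:
        problems.append(f"default-router {router} is not excluded and may be leased to a client")
    assignable = len(set(net.hosts()) - excluded)
    if assignable == 0:
        problems.append("no assignable addresses left after exclusions")
    return assignable, problems


if __name__ == "__main__":
    for name, text in (("post example", SAMPLE), ("broken variant", BAD_SAMPLE)):
        count, issues = check_pool(parse_pool(text))
        print(f"{name}: {count} assignable addresses; problems: {issues or 'none'}")
```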

Setting up SFTP on Ubuntu Linux

Here is how I set up and configure SFTP on my Ubuntu server.

  • Install the OpenSSH Server:

If you haven’t already installed the SSH server, you can do so with the commands below.

sudo apt update
sudo apt install openssh-server
  • Now let’s verify that the SSH service is running.
sudo systemctl status ssh
  • Let’s configure SFTP.

By default, any user with SSH access to the server can use SFTP to access their home directories. If you want to restrict SFTP users to their home directory, you should “chroot” them.

Let’s edit the SSH daemon configuration file:

sudo nano /etc/ssh/sshd_config

Add the following at the bottom of the file:

Match Group sftpusers
ChrootDirectory %h
ForceCommand internal-sftp
AllowTcpForwarding no
PasswordAuthentication yes

Save and close the file.

  • Let’s create the sftpusers group and a user account, and then add the user to the group.
sudo addgroup sftpusers
sudo adduser newusername
sudo adduser newusername sftpusers
  • Finally, let’s set ownership and permissions on the chroot directory.
sudo chown root:root /home/newusername
sudo chmod 755 /home/newusername
sudo mkdir /home/newusername/files
sudo chown newusername:sftpusers /home/newusername/files

Now the user will be chrooted into their home directory when they log in with SFTP, and they won’t be able to navigate outside of it. It’s important to remember that when using chroot with SFTP, the chroot directory and all of its parent directories must remain owned by ‘root’ and must not be writable by the chrooted user. If this is not the case, the chroot environment could be bypassed, leading to security issues.
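That ownership rule has to hold for every directory from the chroot up to /, and it is easy to break later with a careless chown or chmod. The Python below is an added example (mine, not from the post or from OpenSSH) that walks that chain and reports any directory that is not owned by root or is group- or world-writable. The stat function is injectable so the check can be exercised against a constructed directory table without needing real root-owned paths; check_chroot, chroot_chain and constructed_stat are this example's own names.

```python
import os
import stat
import sys
from typing import Callable, Dict, List, Tuple

# Ownership/mode table constructed for the demonstration: (mode bits, owner uid).
GOOD_TREE: Dict[str, Tuple[int, int]] = {
    "/": (0o755, 0),
    "/home": (0o755, 0),
    "/home/newusername": (0o755, 0),
}
# Same layout after someone handed the home directory back to the user.
BAD_TREE = dict(GOOD_TREE)
BAD_TREE["/home/newusername"] = (0o775, 1001)


def chroot_chain(path: str) -> List[str]:
    """Return [path, parent, ..., '/'] for an absolute path."""
    path = os.path.abspath(path)
    chain = [path]
    while path != os.path.dirname(path):
        path = os.path.dirname(path)
        chain.append(path)
    return chain


def check_chroot(path: str,
                 stat_fn: Callable[[str], os.stat_result] = os.stat) -> List[Tuple[str, str]]:
    """Apply sshd's ChrootDirectory rule to `path` and every ancestor.
    Returns (directory, reason) pairs; an empty list means the chain is clean."""
    problems: List[Tuple[str, str]] = []
    for d in chroot_chain(path):
        st = stat_fn(d)
        if st.st_uid != 0:
            problems.append((d, f"owned by uid {st.st_uid}, must be root"))
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            problems.append((d, "group- or world-writable"))
    return problems


def constructed_stat(tree: Dict[str, Tuple[int, int]]) -> Callable[[str], os.stat_result]:
    """Build a stat-like function backed by a constructed (mode, uid) table."""
    def _stat(p: str) -> os.stat_result:
        mode, uid = tree[p]
        # os.stat_result takes the classic 10-tuple: mode, ino, dev, nlink, uid, gid, size, atime, mtime, ctime
        return os.stat_result((stat.S_IFDIR | mode, 0, 0, 1, uid, 0, 0, 0, 0, 0))
    return _stat


if __name__ == "__main__":
    # With a path argument, check the real filesystem; otherwise run the constructed cases.
    if len(sys.argv) > 1:
        for d, why in check_chroot(sys.argv[1]) or [(sys.argv[1], "chain is clean")]:
            print(f"{d}: {why}")
    else:
        for label, tree in (("good", GOOD_TREE), ("bad", BAD_TREE)):
            print(label, check_chroot("/home/newusername", constructed_stat(tree)) or "clean")
```

Run it as root with the chroot path as the only argument after the chown/chmod steps above; anything it prints other than "chain is clean" is a directory sshd will reject at login.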

Setting up Wazuh Email Alerts

If you want to configure email alerts on a Wazuh server, you will need to make changes to the ‘ossec.conf’ configuration file and ensure you have the appropriate email relay or server settings ready.

Below is a general outline to help you configure your Wazuh server for email alerts.

SMTP Server Configuration:

  • First, we need the SMTP server details of your email provider. For example, if you’re using Gmail, the SMTP server would be ‘smtp.gmail.com’ and the port would be ‘587’ for TLS.
  • Depending on your provider, you might also need an app password or to allow less secure apps.

Edit your ossec.conf file:

  • Open the main configuration file in a text editor like nano:
sudo nano /var/ossec/etc/ossec.conf
  • Locate the ‘<global>’ section and configure the following settings:
<email_notification>yes</email_notification>
<smtp_server>YOUR_SMTP_SERVER_HERE</smtp_server>
<email_from>YOUR_EMAIL_ADDRESS_HERE</email_from>
<email_maxperhour>NUMBER_OF_ALERTS_PER_HOUR</email_maxperhour>
  • In the same ‘ossec.conf’ file, set the desired email alert level and recipients. Locate or add the ‘<email_alert_level>’ and ‘<email_to>’ tags.
<email_alert_level>LEVEL</email_alert_level>
<email_to>RECIPIENT_LEVEL_ADDRESS_HERE</email_to>

This is an optional step (Email Authentication).

  • Some SMTP servers require authentication; if yours does, add the following lines in the same ‘<global>’ section.
<smtp_auth>yes</smtp_auth>
<smtp_username>YOUR_EMAIL_USERNAME</smtp_username>
<smtp_password>YOUR_EMAIL_PASSWORD</smtp_password>

Restart Wazuh:

  • Once you have made the changes, you will need to restart the Wazuh manager for them to take effect:
sudo service wazuh-manager restart

Testing:

  • To test the email configuration, you can generate an alert or wait for a real one. Alerts at or above the level you set in ‘ossec.conf’ should produce email notifications.

Securing your email password:

  • Storing your email password in plain text in the configuration file isn’t secure. Depending on your email service provider, consider using API keys or OAuth tokens if they offer such options. You could also use a local relay that handles the email authentication for you.

Adjusting Rules:

  • You can adjust the rules or create custom ones to refine which events trigger email alerts; this helps reduce noise and focus on more significant or concerning activity.

Also, if you are using Gmail or another personal account, make sure you’re not violating any terms of service; sending too many emails or automating sends might get you suspended. I hope this helps. Wazuh is a great SIEM, and I will have more articles as I learn more.
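Two things trip people up with this file: placeholders left in from a tutorial, and the fact that ossec.conf usually holds several top-level <ossec_config> blocks, so it is not a single-rooted XML document and a plain parser rejects it. The Python below is an added example (mine, not from the post or from the Wazuh project) that wraps the file in a synthetic root, then checks the email settings described above and flags a plain-text <smtp_password>, which is the point made under “Securing your email password”. The sample configs are constructed; check_email_config and its helpers are this example's own names, and it places <email_alert_level> under <alerts>, which is where Wazuh keeps it.

```python
import xml.etree.ElementTree as ET
from typing import List, Optional

# Constructed sample: the placeholders from the post left in place.
PLACEHOLDER_CONF = """\
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>YOUR_SMTP_SERVER_HERE</smtp_server>
    <email_from>YOUR_EMAIL_ADDRESS_HERE</email_from>
    <email_maxperhour>NUMBER_OF_ALERTS_PER_HOUR</email_maxperhour>
    <email_to>RECIPIENT_LEVEL_ADDRESS_HERE</email_to>
    <smtp_auth>yes</smtp_auth>
    <smtp_username>YOUR_EMAIL_USERNAME</smtp_username>
    <smtp_password>YOUR_EMAIL_PASSWORD</smtp_password>
  </global>
  <alerts>
    <email_alert_level>LEVEL</email_alert_level>
  </alerts>
</ossec_config>
"""

# Constructed sample: filled in with documentation values and relayed via a
# local MTA, so no credential lives in ossec.conf.
FILLED_CONF = """\
<ossec_config>
  <global>
    <email_notification>yes</email_notification>
    <smtp_server>127.0.0.1</smtp_server>
    <email_from>wazuh@example.com</email_from>
    <email_maxperhour>12</email_maxperhour>
    <email_to>soc@example.com</email_to>
  </global>
</ossec_config>
<ossec_config>
  <alerts>
    <email_alert_level>12</email_alert_level>
  </alerts>
</ossec_config>
"""

PLACEHOLDER_MARKERS = ("_HERE", "YOUR_")


def parse_ossec(text: str) -> ET.Element:
    """ossec.conf may contain several <ossec_config> roots; wrap them so ElementTree accepts it."""
    return ET.fromstring(f"<root>{text}</root>")


def first_text(root: ET.Element, tag: str) -> Optional[str]:
    """Text of the first element with this tag anywhere in the tree, or None."""
    el = root.find(f".//{tag}")
    return None if el is None or el.text is None else el.text.strip()


def check_email_config(text: str) -> List[str]:
    """Return a list of findings; empty means the email section looks complete."""
    root = parse_ossec(text)
    findings: List[str] = []
    if first_text(root, "email_notification") != "yes":
        findings.append("email_notification is not 'yes'")
    for tag in ("smtp_server", "email_from", "email_to"):
        val = first_text(root, tag)
        if not val:
            findings.append(f"{tag} is missing")
        elif any(m in val for m in PLACEHOLDER_MARKERS):
            findings.append(f"{tag} still contains a placeholder ({val})")
    level = first_text(root, "email_alert_level")
    if level is None or not level.isdigit() or not 0 <= int(level) <= 16:
        findings.append("email_alert_level must be an integer from 0 to 16")
    if first_text(root, "smtp_password") is not None:
        findings.append("smtp_password is stored in plain text; prefer a local relay or a token")
    return findings


if __name__ == "__main__":
    for label, conf in (("placeholders", PLACEHOLDER_CONF), ("filled", FILLED_CONF)):
        print(label, "->", check_email_config(conf) or "no findings")
```

To run it against a live manager, read /var/ossec/etc/ossec.conf into a string and pass it to check_email_config before restarting wazuh-manager.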

How to Export a VM from Hyper-V

  1. Open Hyper-V Manager: Go to the start menu, search for “Hyper-V Manager,” and launch it.
  2. Select the VM: In the left-hand pane, locate the virtual machine you would like to export. Right-click it to open the context menu, then click “Export”.
  3. Choose the Export Path: In the “Export Virtual Machine” wizard, you’ll be prompted to select an export path. Choose a location where you want to save the exported VM, preferably on a drive with sufficient space!
  4. Choose Export Options: In this step, you will have the option to choose whether you want to export the VM’s snapshots as well. You can choose to export all snapshots or just the running state. Select the appropriate option based on your needs and click “Next”.
  5. Complete the Export: Review the settings on the summary page and click “Finish” to begin the export.
  6. Monitor the Export Progress: The export process may take some time depending on the size of the VM and its associated files. You will want to monitor the progress through Hyper-V Manager.

Once the export is completed, you will have a copy of the VM in the folder you specified. This exported VM can be imported into another Hyper-V host or it could serve as a backup of the original VM.

The export of the VM only creates a copy of the virtual machine configuration and its associated files. It does not remove or affect the original VM in any way. Thanks again for reading this far, I hope this article answered some of your questions.

Pi-hole: Revolutionizing Ad-Blocking for a Seamless Online Experience

In today’s digital landscape, online advertisements have inundated our browsing experience, often interrupting our activities and compromising our privacy. However, users now have a robust tool at their disposal to reclaim control over their online environment. Enter Pi-hole, an innovative network-wide ad-blocking solution. This article explores the workings of Pi-hole, its benefits, and how it revolutionizes ad-blocking, offering users a seamless browsing experience free from intrusive ads.

What is Pi-hole?
Pi-hole is an open-source software developed to function as a network-wide ad-blocker. It operates on devices such as Raspberry Pi or any Linux-based system and intercepts domain requests made by devices within the network, preventing ads from reaching the users’ devices altogether. By blocking ads at the DNS (Domain Name System) level, Pi-hole effectively removes ads across all connected devices, including smartphones, tablets, computers, and even smart TVs.

How does Pi-hole work?
Pi-hole operates as a DNS sinkhole, employing a blacklist of known ad-serving domains to filter out ad requests. When a device within the network attempts to connect to an ad-serving domain, Pi-hole intercepts the request and blocks it, ensuring that the ad never reaches the user’s screen. By acting as a centralized ad-blocker, Pi-hole offers a network-wide solution that eliminates the need for individual ad-blocking software on each device.

The benefits of Pi-hole

  • Ad-Free Browsing: Pi-hole delivers a cleaner and more enjoyable browsing experience by eradicating intrusive ads across all devices on the network. Whether you’re surfing the web or streaming content, Pi-hole ensures a seamless and uninterrupted experience.
  • Enhanced Privacy and Security: Pi-hole not only blocks ads but also prevents trackers and malware domains from infiltrating your network. By intercepting and blocking these potentially harmful domains, Pi-hole provides an additional layer of security and privacy protection, reducing the risk of malware infections and safeguarding your personal information.
  • Network-Wide Protection: With Pi-hole, every device connected to the network benefits from ad-blocking capabilities. Whether it’s your smartphone, tablet, or computer, all devices can enjoy an ad-free experience without the need for separate ad-blocking software.
  • Faster Browsing: By blocking ads at the DNS level, Pi-hole reduces the amount of data being transferred to your devices, resulting in faster page loading times. With less data to process, webpages load swiftly, improving overall browsing speed and efficiency.
  • Customization and Control: Pi-hole offers users a high level of customization and control over their ad-blocking experience. Users can add or remove domains from the blacklist, allowing them to tailor their ad-blocking preferences according to their specific needs. Pi-hole also provides detailed statistics and logs, giving users insights into the types and quantities of ads being blocked.

Pi-hole represents a groundbreaking solution in the realm of ad-blocking technology. By seamlessly blocking ads at the network level, Pi-hole offers users an uninterrupted browsing experience across all devices connected to their network. With enhanced privacy, improved security, faster page loading times, and the ability to customize and control the ad-blocking process, Pi-hole empowers users to regain control over their online environment. In an era where intrusive ads and privacy concerns prevail, Pi-hole stands as a powerful tool that revolutionizes the way we browse the internet, providing a cleaner, safer, and more enjoyable online experience for all.

I will have an article and video up shortly on how you can install and use pi-hole in your network.

Filtering Sessions on a FortiGate Firewall

To view filtered sessions in the FortiGate command-line interface (CLI), use the “diagnose sys session list” command after applying the filtering options you want.

  1. Access the FortiGate CLI through SSH or a console connection; you can use a program like PuTTY or Windows Terminal.
  2. Log in with your administrator credentials.
  3. Use the “diagnose sys session filter” command with the desired filtering options. For example, to filter sessions sourced from 192.168.1.10:
diagnose sys session filter src 192.168.1.10
  4. After applying the filter, use the “diagnose sys session list” command to view the filtered sessions:
diagnose sys session list

This command will display the list of sessions that match your specified filtering criteria.

The output may be quite large, depending on the number of sessions matching the filter, but thankfully you can use additional options with the “diagnose sys session list” command to customize the output, like specifying the number of sessions to display or filtering based on specific session states.

Let’s look at an example to limit the number of displayed sessions to 100:

diagnose sys session list | head -n 100

Now let’s filter for sessions that are currently in an established state.

diagnose sys session list | grep "ESTABLISHED"

Please remember that the CLI is case-sensitive, and you will need to enter the filtering parameters correctly to get accurate results.

Now that we have found the sessions we might want to clear, let’s run the command below to clear the pesky connections. Remember that using this command without any filters applied will clear all sessions currently open on the FortiGate unit, so BE CAREFUL!

diagnose sys session clear

Thanks for reading and please check out our YouTube channel for more content.

How to check file sizes in a Linux terminal

In Linux, you can use the ‘ls’ command with the ‘-l’ (long format) option to display detailed information about files, including their sizes. Here’s how you can do it.

Open a terminal and navigate to the directory where the file is located (if necessary). Then, run the following command.

ls -l <filename>

Replace ‘<filename>’ with the name of the file you want to check. For example, if you want to check the size of a file named “example.txt”, you would run:

ls -l example.txt

The command will display information about the file, including its size in bytes.

If you want to display the file size in a more human-readable format, you can use the ‘-h’ (human-readable) option along with the ‘-l’ option, like this:

ls -lh <filename>

This will display the file size in a format that is easier to understand, such as kilobytes, megabytes or gigabytes depending on the file size.

If you want to check the sizes of multiple files in a directory, you can use a wildcard character ‘*’ to specify a pattern. For example, to check the sizes of all files in the current directory, you can run:

ls -l *

This will display the detailed information for all files in the directory, including their sizes.

Please remember that the ‘ls’ command shows the sizes of files, not the total size of a directory’s contents; please check out my other article on showing directory sizes if you would like more information. Hint: it’s the ‘du’ command.

Commands to get the size of a directory in Linux

To get the size of directories in Linux, you can use the ‘du’ (disk usage) command. The ‘du’ command displays the disk usage of files and directories. By default, it shows the sizes of directories and their subdirectories recursively. Here’s how you can use it.

Open a terminal and navigate to the directory for which you want to check the size. Then, run the following command:

du -sh <directory>

You will want to replace <directory> with the name or path of the directory you want to check. For example, if you want to check the size of a directory named “myfolder”, you would run:

du -sh myfolder

The ‘-s’ option displays only the total size of the specified directory, rather than the size of each individual file and subdirectory within it.

The ‘-h’ option displays the size in human-readable format, such as kilobytes (K), megabytes (M), or gigabytes (G) depending on the directory size.

The above command will output the total size of the directory, including all its contents.
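To make the difference between the two articles concrete (ls -l reports a file's own size, du -s adds up everything under a directory), here is an added Python example, mine rather than anything from the posts or from coreutils, that builds a small constructed directory tree, sums the regular files under it the way du does (symlinks are not followed), and formats the result with the same 1024-based K/M/G suffixes and round-up behaviour that ls -lh and du -h use. dir_size, human and make_sample_tree are this example's own names.

```python
import math
import os
import tempfile
from typing import Tuple


def dir_size(path: str) -> int:
    """Total bytes of regular files under `path`, like `du -sb --apparent-size`.
    Symlinks are skipped so a link pointing outside the tree is not counted."""
    total = 0
    for root, _dirs, files in os.walk(path):      # os.walk does not follow symlinked dirs by default
        for name in files:
            p = os.path.join(root, name)
            if not os.path.islink(p):
                total += os.path.getsize(p)
    return total


def human(n: int) -> str:
    """Format like ls -lh / du -h: powers of 1024, one decimal below 10, rounded up."""
    value = float(n)
    unit = ""
    for unit in ("", "K", "M", "G", "T"):
        if value < 1024 or unit == "T":
            break
        value /= 1024
    if unit == "":
        return str(n)
    tenths = math.ceil(value * 10) / 10
    if tenths >= 10:
        return f"{math.ceil(value)}{unit}"
    return f"{tenths:.1f}{unit}"


def make_sample_tree() -> str:
    """Create a constructed tree: a.bin (1024 B), b.bin (2048 B), sub/c.bin (512 B)."""
    root = tempfile.mkdtemp(prefix="dusize_")
    os.makedirs(os.path.join(root, "sub"))
    for rel, size in (("a.bin", 1024), ("b.bin", 2048), ("sub/c.bin", 512)):
        with open(os.path.join(root, rel), "wb") as f:
            f.write(b"\0" * size)
    return root


def compare(path: str) -> Tuple[int, int]:
    """(size ls -l would show for the directory entry, size du -s would add up)."""
    return os.path.getsize(path), dir_size(path)


if __name__ == "__main__":
    root = make_sample_tree()
    entry, contents = compare(root)
    print(f"ls -l size of {root}: {entry} bytes ({human(entry)})")
    print(f"du -s size of {root}: {contents} bytes ({human(contents)})")
```

The first number is whatever the filesystem uses for the directory inode itself (often 4096 on ext4), which is why ls is the wrong tool for "how big is this folder"; the second is the number du -sh reports, here 3.5K.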