Pages

Friday 27 April 2018

Installing Tripwire on Suse

First we have to get tripwire:

In my case:
zypper addrepo http://download.opensuse.org/repositories/security/SLE_12_SP2/security.repo
zypper refresh
zypper install tripwire
twadmin --generate-keys --local-keyfile /etc/tripwire/$HOSTNAME-local.key
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

In /etc:
cp twcfg.txt tw.cfg
cp twpol.txt te.pol

Create twpol.txt if it does not exist:
# Begin twpol.txt

(
  rulename = "Tripwire Data Files",
  severity = 100
)
{
  /var/lib/tripwire                    -> $(Dynamic) -i ;
  /var/lib/tripwire/report             -> $(Dynamic) (recurse=0) ;
}

(
  rulename = "Root & Home",
  severity = 100
)
{
  /                                    -> $(IgnoreAll) (recurse=1) ;
  /home                                -> $(IgnoreAll) (recurse=1) ;
}

(
  rulename = "System Directories",
  severity = 100
)
{
  /bin                                 -> $(IgnoreNone)-SHa ;
  /boot                                -> $(IgnoreNone)-SHa ;
  /etc                                 -> $(IgnoreNone)-SHa ;
  /lib                                 -> $(IgnoreNone)-SHa ;
  /opt                                 -> $(IgnoreNone)-SHa ;
  /root                                -> $(IgnoreNone)-SHa ;
  /sbin                                -> $(IgnoreNone)-SHa ;
  /usr                                 -> $(IgnoreNone)-SHa ;
}

# End twpol.txt

twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
tripwire --init

tripwire --check
tripwire --check --interactive

References:

Thursday 19 April 2018

Installing SquidGuard on CentOS 7.x

Get Berkeley DB 4.6.21:
wget http://download.oracle.com/berkeley-db/db-4.6.21.tar.gz

cd db-46..
cd build_unix
../dist/configure 
make
make install

ln -s /usr/local/BerkeleyDB.4.6 /usr/local/BerkeleyDB


export LD_RUN_PATH=/usr/local/BerkeleyDB/lib ./configure
./configure
make
make install

Get the blacklist form here:
http://www.shalla.de/service.html

Create static lists to squidGuard db: 
ln -s /opt/3rdparty/BL/anonvpn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/hacking /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/dating /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/gamble /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/movies /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/music /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/porn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/sex /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/spyware /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/tracker /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/urlshortener /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/violence /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/warez /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/weapons /usr/local/squidGuard/db

SquidGuard configuration:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest anonvpn{
         log             anonvpn
         domainlist      anonvpn/domains
         urllist         anonvpn/urls
 }

dest hacking{
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls
 }

dest dating{
         log             dating
         domainlist      dating/domains
         urllist         dating/urls
 }


dest gamble{
         log             gamble
         domainlist      gamble/domains
         urllist         gamble/urls
 }

dest movies{
         log             movies
         domainlist      movies/domains
         urllist         movies/urls
 }

dest music{
         log             music
         domainlist      music/domains
         urllist         music/urls
 }

dest porn{
         log             porn
         domainlist      porn/domains
         urllist         porn/urls
 }



dest spyware{
         log             spyware
         domainlist      spyware/domains
         urllist         spyware/urls
 }

dest tracker{
         log             tracker
         domainlist      tracker/domains
         urllist         tracker/urls
 }

dest urlshortener{
         log             urlshortener
         domainlist      urlshortener/domains
         urllist         urlshortener/urls
 }

dest violence{
         log             violence
         domainlist      violence/domains
         urllist         violence/urls
 }

dest warez{
         log             warez
         domainlist      warez/domains
         urllist         warez/urls
 }

dest weapons{
         log             weapons
         domainlist      weapons/domains
         urllist         weapons/urls
 }


acl {
  default {
   pass !anonvpn !hacking !dating !gamble !movies !music !porn !spyware !tracker !urlshortener !violence !warez !weapons all
   redirect 302:http://www.google.com
  }
 }



Switch of SELinux /etc/sysconfig/selinux, enter:
# vi /etc/sysconfig/selinux

And set / update it as follows:
SELINUX=disabled

chkconfig squid on

You will have to compile the lists in order for squidGuard to work with them. Removing and compiling stuff from the DB:
cd /usr/local/squidGuard/db
grep -r "example.com"
/usr/local/bin/
./squidGuard -C movies/domains
service squid restart

In Squid config:
# Try connecting to first 25 ips of domain name
forward_max_tries 25
#squidGuard
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
#debug_options ALL,1 29,1


Wednesday 18 April 2018

Puppet Picks

Some great puppet picks if you want to use Puppet or write modules to it or install Foreman.

Modules:
https://forge.puppet.com/ghoneycutt?utf-8=%E2%9C%93&sort=&page=3
https://forge.puppet.com/saz/rsyslog
https://forge.puppet.com/puppetlabs/firewall
https://forge.puppet.com/razorsedge/network
https://www.youtube.com/channel/UC_BpuLm5IvV2tme4WSHEdgw
https://wiki.infn.it/progetti/cloud-areapd/best_practices/config_puppetrun

Writing modules:
http://www.bogotobogo.com/DevOps/Puppet/puppet_locking_user_accounts_deploying_sudoers_file.php
https://www.linode.com/docs/applications/puppet/create-puppet-module
https://www.linode.com/docs/applications/puppet/install-and-configure-puppet

Installation:
http://prolinuxhub.com/install-forman-on-centos-7/
http://www.linuxtechi.com/install-and-configure-foreman-on-centos-7-x/
http://www.itzgeek.com/how-tos/linux/ubuntu-how-tos/install-foreman-on-centos-7-rhel-7-ubuntu-14-04-3.html
http://www.ehowstuff.com/disable-ipv6-on-redhat-centos-6-centos-7/
https://www.linode.com/docs/applications/puppet/install-and-configure-puppet
https://ask.puppet.com/question/2451/how-do-you-change-the-runinterval/
https://linuxconfig.org/puppet-agent-exiting-no-certificate-found-and-waitforcert-is-disabled-solution
http://devopspy.com/devops/install-puppet-master-agent-on-centos-7/
http://opensourceforu.com/2011/01/data-centre-automation-puppet-resources-types-examples/
https://docs.puppet.com/puppet/latest/install_linux.html

Rsyslog UDP/TCP

There is a small, but important catch when you configure rsyslog - the protocol at the end of the config. For the classic UDP set on @ for TCP @@

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog


# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g. 192.168.0.1:514, port optional
*.* @IP:514

References:
https://devops.profitbricks.com/tutorials/configure-remote-logging-with-rsyslog/
http://unix.stackexchange.com/questions/280697/rsyslog-not-forwarding-messages-to-remote-rsyslog-server
http://serverfault.com/questions/667728/configure-and-test-rsyslog-to-udp-socket
http://xmodulo.com/configure-rsyslog-client-centos.html