Friday 27 April 2018

Installing Tripwire on Suse

First we have to get tripwire:

In my case:
zypper addrepo
zypper refresh
zypper install tripwire
twadmin --generate-keys --local-keyfile /etc/tripwire/$HOSTNAME-local.key
twadmin --create-cfgfile -S /etc/tripwire/site.key /etc/tripwire/twcfg.txt

In /etc:
cp twcfg.txt tw.cfg
cp twpol.txt te.pol

Create twpol.txt if it does not exist:
# Begin twpol.txt

  rulename = "Tripwire Data Files",
  severity = 100
  /var/lib/tripwire                    -> $(Dynamic) -i ;
  /var/lib/tripwire/report             -> $(Dynamic) (recurse=0) ;

  rulename = "Root & Home",
  severity = 100
  /                                    -> $(IgnoreAll) (recurse=1) ;
  /home                                -> $(IgnoreAll) (recurse=1) ;

  rulename = "System Directories",
  severity = 100
  /bin                                 -> $(IgnoreNone)-SHa ;
  /boot                                -> $(IgnoreNone)-SHa ;
  /etc                                 -> $(IgnoreNone)-SHa ;
  /lib                                 -> $(IgnoreNone)-SHa ;
  /opt                                 -> $(IgnoreNone)-SHa ;
  /root                                -> $(IgnoreNone)-SHa ;
  /sbin                                -> $(IgnoreNone)-SHa ;
  /usr                                 -> $(IgnoreNone)-SHa ;

# End twpol.txt

twadmin --create-polfile -S site.key /etc/tripwire/twpol.txt
tripwire --init

tripwire --check
tripwire --check --interactive


Thursday 19 April 2018

Installing SquidGuard on CentOS 7.x

Get Berkeley DB 4.6.21:

cd db-46..
cd build_unix
make install

ln -s /usr/local/BerkeleyDB.4.6 /usr/local/BerkeleyDB

export LD_RUN_PATH=/usr/local/BerkeleyDB/lib ./configure
make install

Get the blacklist form here:

Create static lists to squidGuard db: 
ln -s /opt/3rdparty/BL/anonvpn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/hacking /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/dating /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/gamble /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/movies /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/music /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/porn /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/sex /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/spyware /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/tracker /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/urlshortener /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/violence /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/warez /usr/local/squidGuard/db
ln -s /opt/3rdparty/BL/weapons /usr/local/squidGuard/db

SquidGuard configuration:
dbhome /usr/local/squidGuard/db
logdir /usr/local/squidGuard/log

dest anonvpn{
         log             anonvpn
         domainlist      anonvpn/domains
         urllist         anonvpn/urls

dest hacking{
         log             hacking
         domainlist      hacking/domains
         urllist         hacking/urls

dest dating{
         log             dating
         domainlist      dating/domains
         urllist         dating/urls

dest gamble{
         log             gamble
         domainlist      gamble/domains
         urllist         gamble/urls

dest movies{
         log             movies
         domainlist      movies/domains
         urllist         movies/urls

dest music{
         log             music
         domainlist      music/domains
         urllist         music/urls

dest porn{
         log             porn
         domainlist      porn/domains
         urllist         porn/urls

dest spyware{
         log             spyware
         domainlist      spyware/domains
         urllist         spyware/urls

dest tracker{
         log             tracker
         domainlist      tracker/domains
         urllist         tracker/urls

dest urlshortener{
         log             urlshortener
         domainlist      urlshortener/domains
         urllist         urlshortener/urls

dest violence{
         log             violence
         domainlist      violence/domains
         urllist         violence/urls

dest warez{
         log             warez
         domainlist      warez/domains
         urllist         warez/urls

dest weapons{
         log             weapons
         domainlist      weapons/domains
         urllist         weapons/urls

acl {
  default {
   pass !anonvpn !hacking !dating !gamble !movies !music !porn !spyware !tracker !urlshortener !violence !warez !weapons all
   redirect 302:

Switch of SELinux /etc/sysconfig/selinux, enter:
# vi /etc/sysconfig/selinux

And set / update it as follows:

chkconfig squid on

You will have to compile the lists in order for squidGuard to work with them. Removing and compiling stuff from the DB:
cd /usr/local/squidGuard/db
grep -r ""
./squidGuard -C movies/domains
service squid restart

In Squid config:
# Try connecting to first 25 ips of domain name
forward_max_tries 25
redirect_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
url_rewrite_bypass off
url_rewrite_program /usr/local/bin/squidGuard -c /usr/local/squidGuard/squidGuard.conf
#debug_options ALL,1 29,1

Wednesday 18 April 2018

Puppet Picks

Some great puppet picks if you want to use Puppet or write modules to it or install Foreman.


Writing modules:


Rsyslog UDP/TCP

There is a small, but important catch when you configure rsyslog - the protocol at the end of the config. For the classic UDP set on @ for TCP @@

# The authpriv file has restricted access.
authpriv.*                                              /var/log/secure

# Log all the mail messages in one place.
mail.*                                                  -/var/log/maillog

# Log cron stuff
cron.*                                                  /var/log/cron

# Everybody gets emergency messages
*.emerg                                                 :omusrmsg:*

# Save news errors of level crit and higher in a special file.
uucp,news.crit                                          /var/log/spooler

# Save boot messages also to boot.log
local7.*                                                /var/log/boot.log

$ActionQueueFileName fwdRule1 # unique name prefix for spool files
$ActionQueueMaxDiskSpace 1g   # 1gb space limit (use as much as possible)
$ActionQueueSaveOnShutdown on # save messages to disk on shutdown
$ActionQueueType LinkedList   # run asynchronously
$ActionResumeRetryCount -1    # infinite retries if host is down
# remote host is: name/ip:port, e.g., port optional
*.* @IP:514