Posts

ads

GLPI server on Ubuntu 22.04

 GLPI server on Ubuntu 22.04 sudo apt update sudo apt upgrade -y sudo apt install -y apache2 php libapache2-mod-php php-mysql php-curl php-gd php-intl php-mbstring php-xml php-zip php-bz2 php-imagick php-apcu php-memcache php-imap php-ldap php-tidy php-pear php-xmlrpc php-pspell php-json php-iconv php-xsl sudo apt install -y mariadb-server sudo mysql_secure_installation     sudo mysql -u root -p CREATE DATABASE glpi;     CREATE USER 'glpiuser'@'localhost' IDENTIFIED BY 'root';    {StrongPassword}     GRANT ALL PRIVILEGES ON glpi.* TO 'glpiuser'@'localhost';     FLUSH PRIVILEGES;     EXIT; cd /var/www/html wget https://github.com/glpi-project/glpi/releases/download/10.0.19/glpi-10.0.19.tgz tar -xvzf glpi-10.0.19.tgz     sudo chown -R www-data:www-data /var/www/html/glpi     sudo chmod -R 775 /var/www/html/glpi sudo nano /etc/apache2/conf-available/glpi.conf       Alias /glpi "/va...

Wazuh Server Detecting unauthorized processes

  Wazuh Server Detecting unauthorized processes Ubuntu endpoint Take the following steps to configure command monitoring and query a list of all running processes on the Ubuntu endpoint. Add the following configuration block to the Wazuh agent  nano/var/ossec/etc/ossec.conf file. This allows to periodically get a list of running processes: <ossec_config>   <localfile>     <log_format>full_command</log_format>     <alias>process list</alias>     <command>ps -e -o pid,uname,command</command>     <frequency>30</frequency>   </localfile> </ossec_config> Restart the Wazuh agent to apply the changes: $ sudo systemctl restart wazuh-agent Install Netcat and the required dependencies: $ sudo apt install ncat nmap -y   Wazuh server Add the following rules to the /var/ossec/etc/rules/local_rules....

Remove agents using the CLI Wazuh Server

  Remove agents using the CLI Wazuh Server The  /var/ossec/bin/manage_agents  tool can also remove Wazuh agents using the command line interface (CLI). Run the following command on the Wazuh server: Sudo   /var/ossec/bin/manage_agents   You can run the following command on the Wazuh server and specifiy the Wazuh agent ID by using the -r option. Replace <WAZUH_AGENT_ID> with the agent ID of the Wazuh agent: /var/ossec/bin/manage_agents -r <WAZUH_AGENT_ID> (agent id)

Wazuh File integrity monitoring

  Wazuh File integrity monitoring:- Edit the Wazuh agent /var/ossec/etc/ossec.conf   <directories check_all="yes" report_changes="yes" realtime="yes">/root</directories>     <directories check_all="yes" report_changes="yes" realtime="yes">/code/config</directories>     <directories check_all="yes" report_changes="yes" realtime="yes">/usr/</directories>     <directories check_all="yes" report_changes="yes" realtime="yes">/home/ubuntu</directories>   sudo systemctl restart wazuh-agent     https://documentation.wazuh.com/current/proof-of-concept-guide/poc-file-integrity-monitoring.html      

Slack Integration Wazuh Server : Alerts in Critical, High, and Medium Slack Channels

  Slack Integration Wazuh Server : Alerts in Critical, High, and Medium Slack Channels 1. Set Up a Slack App: Go to the Slack API website and log in to your workspace. Navigate to “Your Apps” and click on “Create New App.” Enter a name for your app (e.g., “Wazuh Alerts”) and select the workspace where you want to install the app. Create three channels named “Critical”, “High” and “Medium”. In the app settings, go to “Incoming Webhooks” and enable it. Click on “Add New Webhook to Workspace” to generate a webhook URL. Note down this URL for the three channels, as you’ll need it later. https://api.slack.com/apps   Edit Wazuh Configuration File: Edit /var/ossec/etc/ossec.conf in the Wazuh server and include a configuration block such as the following. <integration> <name>slack</name> <hook_url>https://hooks.slack.c...

Step-by-step setup of Wazuh SIEM/FIM tools on Ubuntu Server

Image
  Step-by-step setup of Wazuh SIEM/FIM tools on Ubuntu Server FIM -- File integrity monitoring  SIEM -- Security Information and Event Management   Server and Clinet same network   Hardware Configuration 4 CPU and 8/16GB RAM requred 1.     sudo apt update 2.     curl -sO https://packages.wazuh.com/4.7/wazuh-install.sh && sudo bash ./wazuh-install.sh -a --ignore-check systemctl daemon-reload systemctl enable wazuh-manager systemctl start wazuh-manager systemctl daemon-reload systemctl enable wazuh-dashboard systemctl start wazuh-dashboard   timedatectl list-timezones sudo timedatectl set-timezone Asia/Kolkata   User: admin     Password: nKRW5.IuBfTXOtcRDLQ1JRx?1Ef.17P?   3.     With this, your Wazuh server is ready. Copy the provided credentials from the terminal, enter the server IP into your browser, and proceed to login. Navigate to  htt...

How to install and configure OSSEC server and client

How to install and configure OSSEC server and client sudo timedatectl set-timezone Asia/Calcutta Asia/Calcutta   1. sudo apt-get update && sudo apt-get upgrade -y 2. sudo apt-get install build-essential libevent-dev zlib1g-dev libssl-dev unzip wget -y 3. sudo apt-get install libpcre2-dev 4. sudo apt-get install libsystemd-dev 5. wget https://github.com/ossec/ossec-hids/archive/3.7.0.tar.gz 6. tar -xvzf 3.7.0.tar.gz 7. cd ossec-hids-3.7.0 8. sudo ./install.sh 9. sudo /var/ossec/bin/ossec-control start   Configure OSSEC nano /var/ossec/etc/ossec.conf Update below <global>     <email_notification>yes</email_notification>     <email_to>root@localhost</email_to>     <smtp_server>127.0.0.1</smtp_server>     <email_from>ossecm@localhost</email_from> </global>   <global>     <emai...