How to install Elastic ELK 8.3.2 onto Ubuntu 20.04.4 LTS

The Elastic Stack is made up of Elasticsearch, Kibana, Beats, and Logstash. It lets you manage a sheer volume of data reliably and securely: take data from any source, in any format, then search, analyze, and visualize it. Built on a free and open foundation, Elasticsearch and Kibana pave the way for diverse use cases that start with logging and span as far as your imagination takes you. Elastic features like machine learning, security, and reporting compound that value. For the purpose of auditing and compliance governance, I am leveraging ELK as a SIEM.

Anyway, I am going to show you the steps I've gone through to install ELK 8.3.2 onto Ubuntu 20.04.4 for my Proof-of-Concept (PoC) lab testing environment.


Using a Pi as a firewall and reverse proxy: a tutorial

I just saw a friend say that his NAS had been hijacked by a hacker and its disk encrypted. The same unfortunate thing actually happened to me back in October 2019. Since something good came out of that bad experience, let me share my solution for reference: use a simple Pi or Linux-based appliance as a firewall plus reverse proxy to reduce the risk.


Rebuilding WordPress with Duplicator Pro – Part 1

A week ago, through a moment of carelessness, I forgot that running an Ubuntu release upgrade over SSH is a medium-risk operation (even though it had always gone fine before), and the server instance ended up bricked because of a session timeout. After a lot of fiddling, the only option left was to rebuild the server instance and WordPress. Speaking of WordPress, luckily I had bought Duplicator Pro earlier for backup purposes, and this time I used Duplicator Pro to rebuild my WordPress.

Live streaming to YouTube through a Squid proxy

Christmas is almost here and, as it happens, my colleagues have finished off all the work on my plate, so I have some free time. Yesterday I also went to Goldfish Street and bought four packs of things: aquatic plants, a bag of fish, a bag of snails, and one crayfish (freshwater lobster). Over lunch we said, why not start a fish-watching channel? So we set about live streaming from a USB webcam using the desktop version of YouTube, only to find that... once again the corporate firewall blocked all the ports (proof that the Infra team has done their homework), so of course I had to leverage my Squid proxy.


How to ban spammers on Linux/Unix?

When reviewing syslog and mail.log you will often see plenty of spammers, and the most common observation about them is that they run brute-force attacks. Under normal circumstances a strong password policy makes it hard for a spammer to get in, but a better approach is a preventive control.

Dec 10 13:53:12 delta dovecot: auth-worker(9742): pam([email protected],87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:53:14 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:53:16 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:53:16 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:53:52 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:53:52 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:53:56 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 10 13:54:05 delta dovecot: auth-worker(9742): pam([email protected],87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:54:07 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:54:08 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:54:08 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:54:49 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:54:49 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:54:56 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
Dec 10 13:55:07 delta dovecot: auth-worker(9841): pam([email protected],87.246.7.34): pam_authenticate() failed: Authentication failure (password mismatch?)
Dec 10 13:55:09 delta postfix/smtps/smtpd[8101]: warning: unknown[87.246.7.34]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
Dec 10 13:55:11 delta postfix/smtps/smtpd[8101]: lost connection after AUTH from unknown[87.246.7.34]
Dec 10 13:55:11 delta postfix/smtps/smtpd[8101]: disconnect from unknown[87.246.7.34] ehlo=1 auth=0/1 rset=1 commands=2/3
Dec 10 13:55:47 delta postfix/smtps/smtpd[8101]: warning: hostname net6-ip34.linkbg.com does not resolve to address 87.246.7.34
Dec 10 13:55:47 delta postfix/smtps/smtpd[8101]: connect from unknown[87.246.7.34]
Dec 10 13:55:51 delta postfix/smtps/smtpd[8101]: Anonymous TLS connection established from unknown[87.246.7.34]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)


Stopping unnecessary Dovecot info logs

Those who use Dovecot as an imapd/popd on Linux/Unix may feel, as I do, that Dovecot's info logging is far too much and too annoying. So everyone is bound to ask: how can I stop Dovecot's unnecessary info logs?

Common annoying info log lines

Dec 10 09:50:20 sigma dovecot: imap(adrian): Logged out in=80 out=1262
Dec 10 09:50:20 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30133, secured, session=<rwUcvE+ZCrB/AAAB>
Dec 10 09:50:20 sigma dovecot: imap(adrian): Logged out in=110 out=1282
Dec 10 09:50:21 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30134, secured, session=<BgYcvE+ZDLB/AAAB>
Dec 10 09:50:21 sigma dovecot: imap(adrian): Logged out in=280 out=1227
Dec 10 09:50:25 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30136, secured, session=<PgFovE+ZDrB/AAAB>
Dec 10 09:50:25 sigma dovecot: imap(adrian): Logged out in=28 out=769
Dec 10 09:52:21 sigma dovecot: imap-login: Login: user=, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, mpid=30141, secured, session=<dkNEw0+ZELB/AAAB>
Dec 10 09:52:21 sigma dovecot: imap(adrian): Logged out in=89 out=882


Building Postfix + SPF + DKIM + DMARC

Because AlphaRacks.com, the VPS hosting provider I had used for several years, suddenly shut down, I had no choice but to find a new hosting provider, and the most unavoidable task was of course rebuilding the mail server. You could also use a Raspberry Pi or OrangePi. The VPS provider this time is SnowVPS.com, and the OS of choice is naturally Ubuntu 16.04. Since I am starting from scratch, I am recording the installation procedure this time for anyone who needs a reference. The SMTP server installed this time is Postfix, with SPF added as an inbound/outbound filter, plus DKIM and DMARC for email authentication. I will also use greylisting to strengthen the spam filter.


OrangePi Zero – Reverse Proxy

Because my fixed-line broadband is really rather slow, while 4G is fast but has a usage cap (the plan I subscribe to is 50 GB on a 4.5G network), and because I want to make convenient use of system resources, I split my home network in two. For this project, I want to use an OrangePi Zero as a reverse proxy so that devices living on the 4G side of the network can reach the internet through the flat-fee fixed-line connection.


A dumb shell script

I haven't written a program for many years; today I felt the itch, so I tried something new.

I have a whole pile of zip files, and since they are all the same kind of problem, unzipping them on Windows would take ages and a lot of keystrokes; if I wrote a batch file, I could no longer use commands like pkzip -d... and on top of that my batch file skills are about as good as the EDB Secretary's (i.e. hopeless). So I simply moved all the zip files up to a Raspberry Pi and wrote a shell script to deal with them.

#!/bin/bash
# Unzip every .zip in the current directory into unzip/<name>/
mkdir -p unzip
for f in *.zip; do
  [ -e "$f" ] || continue        # no .zip files: skip the literal "*.zip"
  echo "$f"
  file=$(basename "$f")
  filename="${file%.*}"          # strip the .zip extension
  # extension="${file##*.}"
  echo "mkdir: $filename"
  mkdir -p "unzip/$filename"     # quoted so names with spaces work
  unzip "$f" -d "unzip/$filename"
done

Roughly, the script scans all the zip files in the directory, creates a directory named after each zip file, and extracts all the files into that sub-directory.

As for transferring the files, I use WinSCP; it takes less than 3 minutes to get it all done.