Hi folks! SELKS is great stuff. Read the manual. ;) https://jasonish-suricata.readthedocs.io/en/latest/ You can suppress alerts via the web interface (and maybe the desktop), but there are some limitations: 1. A suppress rule allows filtering either by source address OR by target address. 2. You can not import a bulk of suppress rules into a fresh installation. The […]
Modify /etc/default/snmpd: SNMPDOPTS='-LS6d -Lf /dev/null -u snmp -g snmp -I -smux,mteTrigger,mteTriggerConf -p /run/snmpd.pid'
1. Manual update: SELKS performs a daily suricata update (via /etc/crontab). To execute it manually, run it as www-data (!!!) NEVER RUN AS ROOT!!! # /bin/sh -c /bin/bash 'cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py updatesuricata && deactivate' www-data 2. fast.log rotation: You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]
Setting some user branch rules for specific users on specific machines only. Forget old-school loopback mode, use WMI Filtering instead. Create a WMI rule. The syntax is like select * from Win32_ComputerSystem where ( Name like 'MACHINE%' or Name = 'SERVERX') and (UserName like 'mueller%' or UserName = 'meier' ) or select * from […]
The built-in gyroscope fools you: # apt-get remove iio-sensor-proxy
1. GPO is not funny. 2. ALWAYS ADD Authenticated Users on the Delegation tab and grant them Read rights. (RETRIEVE the 'pull GPO' right!) (Via Delegation, Expanded view.) Otherwise the following may happen: You add a user/group to the Security Filtering section, they appear in Delegation with all sufficient rights, but the computer says […]
HINTS: https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1/_edit#kibana-dashboards Login as selks-user with password selks-user. $ sudo su - # passwd selks-user # passwd root If you are using version 5.0 RC1, open /etc/scirius/local_settings.py and change KIBANA_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/" to KIBANA6_DASHBOARDS_PATH = "/opt/selks/kibana6-dashboards/". Then run (as root) cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py kibana_reset && deactivate You will not find […]
There are no scripts in /opt/selks/Scripts/Setup/. You will find them in /usr/bin. Update your setup via # selks-upgrade_stamus Do not configure stuff manually during the update process!
The amix filter decreases the volume of each input track to avoid clipping in the result track. Try this to prevent that behaviour: ffmpeg -y -i payload.mp2 -i bed.mp2 -filter_complex "volume=2[a];volume=2[b];[a][b]amix=inputs=2:duration=shortest:dropout_transition=0" payload_plus_bed.mp2
Here for nginx: # fstat | grep internet | grep nginx | grep -v 192.168 | grep '<--'