SELKS | suricata | Scirius | Elasticsearch | Hints

1. Manual update SELKS performs a daily suricata update (via /etc/crontab). To execute it manually call as www-data (!!!) NEVER RUN AS ROOT!!! # /bin/sh -c /bin/bash ‘cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py updatesuricata && deactivate’ www-data 2. fast.log rotation You MUST restart suricata to create a functional fast.log after logrotate. SIGHUP and/or […]

GPO | WMI filtering for users and/or machines

Setting some user branch rules for specific users on specific machines only. Forget old school loopback mode – use WMI Filtering instead. Create a WMI Rule. Syntax is like select * from Win32_ComputerSystem where ( Name like ‘MACHINE%’ or Name = ‘SERVERX’) and (UserName like ‘mueller%’ or Username = ‘meier’ ) You MUST (!!!) add […]

GPO | A unixers chronicles

1. GPO is not funny. 2. ALWAYS ADD Authenticated Users to the tab Delegation and grant them readable rights. (RETRIEVE the ‘pull GOP’ right!) (Via Delegation – Expanded view) Otherwise the following may happen: You add a user/group to the Security Filtering section, they appear in Delegation with all sufficient rights – but computer says […]

SELKS 5.0RC1 | first steps

HINTS: https://github.com/StamusNetworks/SELKS/wiki/SELKS-5.0-RC1/_edit#kibana-dashboards Login as selks-user with password selks-user. $ sudo su – # passwd selks-user # passwd root If you are using version 5.0 RC1 open /etc/scirius/local_settings.py and change KIBANA_DASHBOARDS_PATH = “/opt/selks/kibana6-dashboards/” to KIBANA6_DASHBOARDS_PATH = “/opt/selks/kibana6-dashboards/”. then run (as root) cd /usr/share/python/scirius/ && . bin/activate && python bin/manage.py kibana_reset && deactivate You will not find […]