發表文章

目前顯示的是 4月, 2021的文章

Installing Elasticsearch, Logstash, Kibana, Filebeat on CentOS 7

圖片
1. change to root $ su - 2. download and install the public signing key: $ rpm --import https://artifacts.elastic.co/GPG-KEY-elasticsearch 3. produce .repo files inorder to downlowd from YUM $ touch /etc/yum.repos.d/elasticsearch.repo $ vim /etc/yum.repos.d/elasticsearch.repo             4. produce .repo files inorder to downlowd from YUM $ touch /etc/yum.repos.d/logstash.repo $ vim /etc/yum.repos.d/logstash.repo              5. Such as step 4 to edit /etc/yum.repos.d/kibana.repo 6. build as step 4 to edit /etc/yum.repos.d/elastic.repo also 7. yum install elasticsearch logstash kibana filebeat 8. systemctl enable elasticsearch.service     systemctl enable kibana.service     systemctl enable filebeat.service 9. systemctl restart elasticsearch.service     systemctl restart kibana.service     systemctl restart filebeat.service 10. firewall-cmd --permanent --add-port...

網址與檔案沙箱測試

 https://www.browserling.com/ 若有懷疑的網址,可從該沙箱瀏覽器開啟網址測試 https://www.hybrid-analysis.com/ https://www.virustotal.com/gui/home/upload   Refernces  https://zeltser.com/lookup-malicious-websites/ https://talosintelligence.com/

Build honey-pot environment to trap intruder from internet on CentOS 7 VM or security onion

圖片
 1. Download CentOS 7/  security onion( https://securityonionsolutions.com/software) form official ISO image  https://3ctipsmemo.blogspot.com/2021/04/centos-linux-7-and-8-isos-download-urls.html and install it in Virtual Machine Apps(Virtualbox or VMware)   2. Setting firewall rules for allowing  all link in but denying all link out with firewalld   3. Setting a extremely complexity root password to avoid brute-force cracking 4. Opening general service ports to serve outside connection. 5. Monitoring /var/log/message/secure to verify malicious connection behavior such as root fraud is to try many times with ssh connection, dovecot users fraud is to try use smtp service... 6. If they try to hack service over six times, we can coordinate these malicious connections hostnames/source IPs/destination ports to insert firewall blacklist reference https://access.redhat.com/discussions/3238521 https://firewalld.org/documentation/man-pages/firewall-cmd.html https://...

CentOS Linux 7 and 8 isos download URLs

CentOS 7 http://isoredirect.centos.org/centos/7/isos/x86_64/  with RPMs https://www.centos.org/download/  http://mirror.centos.org/centos/7/ Source at Taiwan http://ftp.twaren.net/Linux/CentOS/7.9.2009/isos/x86_64/ http://ftp.ksu.edu.tw/pub/CentOS/7.9.2009/isos/x86_64/ http://ftp.stu.edu.tw/Linux/CentOS/7.9.2009/isos/x86_64/ http://mirror01.idc.hinet.net/centos/7.9.2009/isos/x86_64/ http://centos.cs.nctu.edu.tw/7.9.2009/isos/x86_64/ http://ftp.tc.edu.tw/Linux/CentOS/7.9.2009/isos/x86_64/ http://free.nchc.org.tw/centos/7.9.2009/isos/x86_64/ CentOS 8 http://isoredirect.centos.org/centos/8/isos/x86_64/  with RPMs https://www.centos.org/download/ http://mirror.centos.org/centos/8/ Source at Taiwan http://mirror01.idc.hinet.net/centos/8.3.2011/isos/x86_64/ http://ftp.tc.edu.tw/Linux/CentOS/8.3.2011/isos/x86_64/ http://ftp.twaren.net/Linux/CentOS/8.3.2011/isos/x86_64/ http://ftp.ksu.edu.tw/pub/CentOS/8.3.2011/isos/x86_64/ http://centos.cs.nctu.edu.tw/8.3.2011/isos/x8...

Private IP Definition

圖片
RFC 1918 10.0.0.0/255.0.0.0(8) 172.16.0.0/255.240.0.0(12) 192.168.0.0/255.255.0.0(16) RFC 6598 100.64.0.0/255.252.0.0 (10)  ISP internal RFC 2544 192.18.0.0/255.127.0.0   for a testing device were to be accidentally connected to partt of the Internet RFC 5737 192.0.2.0/255.255.255.0 (24) 198.51.100.0/255.255.255.0 (24) 203.0.113.0/255.255.255.0 (24) References https://en.wikipedia.org/wiki/Private_network https://www.ietf.org/standards/rfcs/ https://www.rfc-editor.org/search/rfc_search.php https://tools.ietf.org/html/rfc1918 https://tools.ietf.org/html/rfc6598 https://tools.ietf.org/html/rfc2544 https://tools.ietf.org/html/rfc5737

Bob Dylan Quotes

  https://www.brainyquote.com/authors/bob-dylan-quotes    https://www.goodreads.com/author/quotes/8898.Bob_Dylan   “If you're not busy being born, you're busy dying.” ― Bob Dylan    

Dell H330 PERC RAID production configuration

圖片
 1. Ctrl +R to go into Configuration Utility 2. To opt disks to convert to RAID 3 Comfirm RAID property

Requirement for Windows 10 Remote Desktop Service

圖片
 1. Services.msc 2. control.exe ->  open / close windows function -> enable SMB permanently, it is a key point in connection speed If you use rdpwrapper library, please modify gpedit.msc -> computer configuration -> administrative template -> windows accessories -> remote desktop  service-> remote desktop client Extra. How to speed up remote desktop processing   low down encryption in intranet references https://docs.microsoft.com/zh-tw/windows-server/administration/performance-tuning/role/remote-desktop/session-hosts

WHEA_UNRATABLA_ERROR occurs suddenly on Windows 10

 IF the system show Blue Screen and describe WHEA_UNRATABLA_ERROR suddenly on Windows 10 Because the automatic update cause the on Windows 10, you can path the updated error  from update latest patch files and reset the BIOS configuration to default in your system. https://docs.microsoft.com/zh-tw/windows/deployment/update/windows-update-errors windows update catalog website https://www.catalog.update.microsoft.com/ references https://www.intel.com.tw/content/www/tw/zh/support/articles/000028099/processors/intel-core-processors.html https://support.microsoft.com/en-us/windows/how-to-fix-whea-uncorrectable-error-7c49d78a-2792-96cf-2268-abbe9d9eb29f https://neosmart.net/wiki/0x0000124-whea-uncorrectable-error/