Event logs contain information that is essential both for troubleshooting and for information security investigations. Infrastructure and security teams should make a conscious decision about how long their important event logs are retained, so that the data is still on the endpoint when it is needed. The easiest way to set retention is to specify a maximum file size for each event log; once the log reaches that size, the oldest events are overwritten by new ones. Keep in mind that a size limit is not a time limit: on a busy channel the retained window can shrink to hours, so size each log against its event rate and forward logs to a central collector if you need a longer history.
Setting the maximum size of the standard Application, Security, Setup, and System event logs via GPO, so the setting is standardized across a domain, is easy. Setting the maximum size of the other logs, such as those under Applications and Services Logs → Microsoft in Event Viewer, is not as straightforward.
Continue reading Increasing Applications and Services Event Logs size With regedit and GPO
Logrotate is a versatile tool for rotating logs. When logrotate is configured to rotate a set of logs with the 'compress' directive, it uses the gzip utility by default. gzip is a good utility, but you may need something else. My needs were:
- Multi-gigabyte files need to rotate hourly or daily
- Rotation and compression were taking several minutes per file
- My CPUs were mostly idle
My solution was to use the pigz compression utility together with logrotate. pigz performs multithreaded gzip compression, so the idle CPUs could be put to work. Here's how to do it:
Continue reading Logrotate with alternate compression tool such as pigz
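As an added example (not the post's own configuration), here is a logrotate stanza that delegates compression to pigz, a dry run that validates the stanza before the real cron run, and a check that pigz output stays plain gzip. The log glob, the pigz path and the thread count are assumptions; change them to fit the host.

```shell
#!/bin/sh
# Added example, not the post's own config: a logrotate stanza that delegates
# compression to pigz, a dry run to validate it, and a compatibility check.
# The log glob, the pigz path and the thread count are assumptions.

# Print a logrotate stanza for glob $1 that compresses with the pigz binary
# at $2 using $3 threads.
pigz_logrotate_conf() {
  logs=$1 pigz=$2 threads=$3
  cat <<EOF
$logs {
    daily
    rotate 14
    missingok
    notifempty
    compress
    delaycompress
    compresscmd $pigz
    # -p N: number of compression threads; -6 keeps gzip's default level
    compressoptions -p $threads -6
    uncompresscmd $(dirname "$pigz")/unpigz
    compressext .gz
}
EOF
}

# Ask logrotate to parse the generated stanza without rotating anything
# (-d is debug mode and implies no changes), so a typo is caught before the
# scheduled run. Returns logrotate's exit status.
pigz_logrotate_dryrun() {
  conf=$(mktemp)
  pigz_logrotate_conf "$1" "$2" "$3" > "$conf"
  logrotate -d -s "$conf.state" "$conf" && rc=0 || rc=$?
  rm -f "$conf" "$conf.state"
  return $rc
}

# Confirm that the archive pigz ($1, with $2 threads) produces is ordinary
# gzip, so unpigz is only an optimisation: gzip -dc, zcat and zgrep keep
# working on the rotated logs. Uses a constructed one-line sample file.
pigz_output_is_gzip() {
  tmp=$(mktemp)
  printf 'constructed sample log line\n' > "$tmp"
  "$1" -p "$2" "$tmp" && gzip -t "$tmp.gz"
  rc=$?
  rm -f "$tmp" "$tmp.gz"
  return $rc
}
```

Run `pigz_logrotate_dryrun '/var/log/bigapp/*.log' /usr/bin/pigz 4` before dropping the stanza into /etc/logrotate.d. pigz defaults to one thread per core, so set `-p` below the core count on a host that also serves traffic, or the compression will compete with the service that writes the logs.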
WARNING: if you do this wrong or don't understand the concepts, you risk losing your data. Be sure you know your way around Linux and what you're getting into before attempting this!
To me, encryption of data at rest is just as important as encryption of data in transit. You never know if someone is going to break into your house and steal your computer. With so much personal information like financial data and pictures stored on the computer, it could be a major mess to recover from theft of your computer. (Of course, always keep an off-site backup for the really important stuff!)
I chose to migrate from the Solaris-based OpenIndiana to Ubuntu. I had grown to love ZFS on OpenIndiana and didn't want to lose its features. Luckily, ZFS on Linux is now ready for prime time. Unfortunately, ZFS on Linux, like all other third-party implementations of ZFS, is a few versions behind Oracle's official ZFS and does not support native encryption in the filesystem.
Continue reading ZFS on Linux with LUKS encrypted disks
SSL's primary function on the Internet is to provide encryption and a chain of trust that lets a web browser validate the authenticity of a web site. But SSL also works the other way around: client SSL certificates can be used to authenticate a client to the web server, much like SSH public/private key pairs, if those are familiar to you. In this post I outline the steps to create a certificate authority certificate, sign a server certificate and install it in Apache, and create a client certificate in a format web browsers can import.
Continue reading SSL Client Authentication Step By Step
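The three steps named above, carried through with openssl as an added example that is not the post's own command sequence: a private CA, a server certificate signed by it, and a client certificate bundled as PKCS#12 for import into a browser. The CA name "Example Home CA", the user "alice", the PKCS#12 password "changeit" and the output directory are illustrative. The script writes its own small openssl request config so it does not depend on the system openssl.cnf.

```shell
#!/bin/sh
# Added example, not the post's own commands: a private CA, a server cert for
# Apache and a browser-importable client cert, all generated with openssl.
# "Example Home CA", "alice", the password "changeit" and the output
# directory are illustrative values.
set -e

# Build the CA plus server and client certificates under directory $1.
# $2 is the server hostname; it goes into the SAN, which browsers check.
make_client_auth_pki() {
  dir=$1; host=$2
  mkdir -p "$dir"

  # Self-contained request config, so the run does not depend on the
  # system openssl.cnf. v3_ca marks the CA cert as a CA.
  cat > "$dir/req.cnf" <<'EOF'
[req]
distinguished_name = dn
x509_extensions = v3_ca
prompt = no
[dn]
CN = Example Home CA
[v3_ca]
basicConstraints = critical,CA:TRUE
keyUsage = critical,keyCertSign,cRLSign
subjectKeyIdentifier = hash
EOF

  # 1. CA key and self-signed CA certificate (10 years). Guard ca.key:
  #    whoever holds it can mint client certs that Apache will accept.
  openssl req -x509 -new -newkey rsa:2048 -nodes -sha256 -days 3650 \
    -config "$dir/req.cnf" -keyout "$dir/ca.key" -out "$dir/ca.crt" 2>/dev/null
  chmod 600 "$dir/ca.key"

  # 2. Server key + CSR, signed by the CA with serverAuth and a SAN.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/req.cnf" \
    -subj "/CN=$host" -keyout "$dir/server.key" -out "$dir/server.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature,keyEncipherment\nextendedKeyUsage=serverAuth\nsubjectAltName=DNS:%s\n' \
    "$host" > "$dir/server.ext"
  openssl x509 -req -sha256 -days 825 -in "$dir/server.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/server.ext" -out "$dir/server.crt" 2>/dev/null

  # 3. Client key + CSR, signed with clientAuth only, so the same cert
  #    cannot be turned around and presented as a server certificate.
  openssl req -new -newkey rsa:2048 -nodes -sha256 -config "$dir/req.cnf" \
    -subj "/CN=alice" -keyout "$dir/client.key" -out "$dir/client.csr" 2>/dev/null
  printf 'basicConstraints=CA:FALSE\nkeyUsage=critical,digitalSignature\nextendedKeyUsage=clientAuth\n' \
    > "$dir/client.ext"
  openssl x509 -req -sha256 -days 365 -in "$dir/client.csr" \
    -CA "$dir/ca.crt" -CAkey "$dir/ca.key" -CAcreateserial \
    -extfile "$dir/client.ext" -out "$dir/client.crt" 2>/dev/null

  # 4. Bundle client key + cert (+ CA) as PKCS#12, the format browsers import.
  openssl pkcs12 -export -name alice -inkey "$dir/client.key" -in "$dir/client.crt" \
    -certfile "$dir/ca.crt" -passout pass:changeit -out "$dir/client.p12"
  rm -f "$dir/server.csr" "$dir/client.csr"
}

# Exit 0 if $1/$2 chains to the CA and is valid for purpose $3 (sslserver or
# sslclient): the same checks Apache applies to a presented client cert.
check_cert() {
  openssl verify -CAfile "$1/ca.crt" -purpose "$3" "$1/$2" >/dev/null 2>&1
}
```

On the Apache side, point `SSLCertificateFile` and `SSLCertificateKeyFile` at server.crt and server.key, set `SSLCACertificateFile` to ca.crt, and add `SSLVerifyClient require` with `SSLVerifyDepth 1` to the virtual host; the client imports client.p12 (password "changeit") into the browser's personal certificate store. `openssl s_client -connect host:443 -cert client.crt -key client.key -CAfile ca.crt` is a quick way to confirm the server really demands and accepts the client certificate. Note that `check_cert` rejects client.crt for the sslserver purpose because its extendedKeyUsage is clientAuth only; that separation is deliberate.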
There are a variety of extremely cheap USB Wi-Fi dongles available on eBay that work wonderfully… once you get them working. I picked one up for $4 for my Raspberry Pi and had trouble getting it to work under Raspbian. Here's what you need to do for the current Ralink USB adapters out there.
Continue reading Get the Ralink 28xx USB Dongle Running on Raspbian 7 (Raspberry Pi)
I use VMware's ESXi in my home lab environment. If you're a technologist who is always messing with operating systems and applications, it is really the only way to go. But running any system means maintaining good backups!
There are numerous VMware backup products on the market. The problem is they all cost money. For me and other people who just play with this stuff for fun, that is not desirable. At all.
Continue reading Automated ESXi Backup Without Dependencies!
I've been hearing great things about the Security Onion project. It bundles a whole set of great tools for Network Security Monitoring (NSM), so I thought I would give it a try on my home network. After all, the next time the fiancé gets malware, it could be helpful to know what happened…
Continue reading The Security Onion – NSM in an ESXi VM
When trying to install VMware Tools from ESXi 5.0 on 64-bit Ubuntu 12.04, I ran into the compilation errors below, even though I had build-essential and the kernel headers installed.
Continue reading Install vSphere 5 VMware Tools on Ubuntu 12.04/Fedora
So far I haven't had a chance to really learn and understand IPv6, so as I've built new boxes I have disabled IPv6 explicitly. On Ubuntu, you can do this by adding these three lines to /etc/sysctl.conf and then rebooting:
Continue reading X Forwarding with IPv6 disabled on Ubuntu
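As an added example (not the post's own lines), here is a script that writes and applies the kernel settings that disable IPv6, checks that the kernel picked them up, and makes the sshd adjustment that keeps X forwarding working once IPv6 is gone. The keys are the kernel's standard net.ipv6.conf.* knobs; /etc/sysctl.d/99-disable-ipv6.conf is an assumed path (the post uses /etc/sysctl.conf), and the sshd_config path is whatever the caller passes.

```shell
#!/bin/sh
# Added example, not the post's own lines: disable IPv6 via sysctl without
# a reboot, verify it, and pin sshd to IPv4 so X forwarding still works.
# The sysctl file path is an assumption; the keys are the kernel's standard
# net.ipv6.conf.* settings.

# Print the lines that turn IPv6 off on all current and future interfaces.
ipv6_sysctl_lines() {
  cat <<'EOF'
net.ipv6.conf.all.disable_ipv6 = 1
net.ipv6.conf.default.disable_ipv6 = 1
net.ipv6.conf.lo.disable_ipv6 = 1
EOF
}

# Write the lines to $1 (e.g. /etc/sysctl.d/99-disable-ipv6.conf) and apply
# them immediately; needs root. The file also makes the setting persist.
ipv6_disable() {
  ipv6_sysctl_lines > "$1"
  sysctl -p "$1"
}

# Exit 0 if the running kernel reports IPv6 disabled on 'all'.
ipv6_is_disabled() {
  f=/proc/sys/net/ipv6/conf/all/disable_ipv6
  [ -r "$f" ] && [ "$(cat "$f")" = 1 ]
}

# With IPv6 off, sshd can fail to bind the X11 display socket on ::1 and
# X forwarding stops working; pinning sshd to IPv4 avoids that. Sets
# "AddressFamily inet" in the sshd_config at $1 exactly once (idempotent).
# sshd honours the first occurrence of a keyword, so any existing
# AddressFamily line is removed rather than shadowed. Restart sshd after.
sshd_ipv4_only() {
  if grep -Eq '^[[:space:]]*AddressFamily[[:space:]]+inet[[:space:]]*$' "$1"; then
    return 0
  fi
  sed -i '/^[[:space:]]*AddressFamily[[:space:]]/d' "$1"
  printf 'AddressFamily inet\n' >> "$1"
}
```

Typical use as root: `ipv6_disable /etc/sysctl.d/99-disable-ipv6.conf`, confirm with `ipv6_is_disabled`, then `sshd_ipv4_only /etc/ssh/sshd_config` and `service ssh restart`. Run `sshd -t` before the restart so a config mistake does not lock you out of a remote box.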
The OpenIndiana project is an enterprise operating system based on the illumos kernel, which is a fork of the OpenSolaris project. OpenIndiana is open source, free, and community driven, and because it is derived from OpenSolaris, it supports my favorite file system, ZFS.
Continue reading Creating an OpenIndiana USB boot stick under Windows 7