Merge branch 'staging'
2
LICENSE
@ -1,6 +1,6 @@
|
||||
MIT License
|
||||
|
||||
Copyright (c) 2023 Hiiruki
|
||||
Copyright (c) 2023 Lemniskett
|
||||
|
||||
Permission is hereby granted, free of charge, to any person obtaining a copy
|
||||
of this software and associated documentation files (the "Software"), to deal
|
||||
|
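Review bot: the copyright line is replaced rather than extended. The README in this same commit says the site is forked from Hiiruki's repository, and the MIT text directly below this hunk requires the original copyright notice to be included in all copies or substantial portions of the Software, so keep `Copyright (c) 2023 Hiiruki` and add `Copyright (c) 2023 Lemniskett` as a second line instead of swapping it in.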
42
README.md
@ -1,46 +1,8 @@
|
||||
# hiiruki.dev
|
||||
# lemniskett.dev
|
||||
|
||||
_yet another personal website._
|
||||
|
||||
[![Netlify Status](https://api.netlify.com/api/v1/badges/73730c94-7f54-47c9-bd39-054054829340/deploy-status)](https://app.netlify.com/sites/hiiruki/deploys "Netlify Status")
|
||||
|
||||
This is my personal website. It's built with [Hugo](https://gohugo.io/) and hosted on [Netlify](https://www.netlify.com/) and using [Kamigo](https://github.com/hiiruki/hugo-Kamigo) theme. You can visit [here](https://hiiruki.dev).
|
||||
|
||||
![light mode](.github/images/light_mode.webp#center "Light mode")
|
||||
![dark mode](.github/images/dark_mode.webp#center "Dark mode")
|
||||
|
||||
## Pagespeed Insights
|
||||
|
||||
[Google Pagespeed Insights](https://pagespeed.web.dev/analysis/https-hiiruki-dev/rqaiq47qyp?form_factor=mobile) score for this website.
|
||||
|
||||
#### Mobile
|
||||
|
||||
![mobile](.github/images/mobile.webp#center "Mobile")
|
||||
|
||||
#### Desktop
|
||||
|
||||
![desktop](.github/images/desktop.webp#center "Desktop")
|
||||
|
||||
## Flow
|
||||
|
||||
```mermaid
|
||||
graph TD
|
||||
|
||||
subgraph GitHub Repo
|
||||
A[Website Code] --> B[Commit Changes]
|
||||
B --> C[Push to Repo]
|
||||
end
|
||||
|
||||
subgraph Netlify CI/CD Pipeline
|
||||
C --> D[Trigger CI/CD from main branch]
|
||||
D --> E[Build with Hugo]
|
||||
E --> F[Deploy to Netlify]
|
||||
end
|
||||
|
||||
subgraph Netlify Hosting
|
||||
F --> G[Live Website]
|
||||
end
|
||||
```
|
||||
Forked from [Hiiruki's Personal Website](https://github.com/hiiruki/hiiruki.dev)
|
||||
|
||||
## License
|
||||
|
||||
|
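Review bot: the `## License` heading at the end of this hunk has nothing under it; one line such as `MIT, see [LICENSE](LICENSE)` closes the section. The Netlify status badge is hard-wired to the upstream site (`badges/73730c94-...` and `app.netlify.com/sites/hiiruki/deploys`), so if it survives the rewrite it will report another site's deploy state; either drop it with the rest of the upstream text or point it at the fork's own Netlify site. The mermaid flow also says `Trigger CI/CD from main branch` while this merge comes from `staging`; state the branch Netlify actually builds so readers know which push goes live.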
121
content/about.md
@ -1,128 +1,31 @@
|
||||
---
|
||||
title: About
|
||||
description: $ cat /home/about
|
||||
description: Self-explanatory
|
||||
hidemeta: true
|
||||
---
|
||||
|
||||
> "Information is power. But like all power, there are those who want to keep it for themselves."
|
||||
— [Aaron Swartz](https://en.wikipedia.org/wiki/Aaron_Swartz "Aaron Swartz @ Wikipedia")
|
||||
I'm Syahrial Agni Prasetya, A Linux enthusiast with a deep passion for DevOps culture, Cloud, and Automation.
|
||||
|
||||
<details>
|
||||
<summary> <code>$ whoami</code> </summary>
|
||||
Hi! I'm <code>echo 'RmlybWFuCg==' | base64 --decode</code> 👋
|
||||
</details><br>
|
||||
I have a good background in Linux and other UNIX/UNIX-like operating systems and have worked with Docker, Kubernetes, and some cloud providers like AWS, Azure, and some OpenStack providers.
|
||||
|
||||
Just an ordinary person who loves tech, games, anime, music, and other cool stuff. When I’m not on the text editor/terminal, I enjoy playing video games, watching movies or anime, and listening to music.
|
||||
Developing and maintaining app infrastructures are part of my daily routines. In my free time, I love to tinker my home lab to try out new tools to improve infrastructures managed by myself.
|
||||
|
||||
<details>
|
||||
<summary>Interests:</summary>
|
||||
<blockquote>Cyber security, GNU/Linux, *nix based systems, open source,
|
||||
FOSS, privacy, OPSEC, DFIR, OSINT, CTF, threat intelligence,
|
||||
reverse engineering, malware, cryptography, hardware hacking,
|
||||
physical security, lockpicking sport, cloud computing, DevOps,
|
||||
SysAdmin, SWE, SRE, operating systems, tildeverse, fediverse,
|
||||
bioinformatics, biohacking, data mining, Jamstack, SSG, IoT,
|
||||
blockchain, HPC, audiophile, mechanical keyboard, AI, ML, DL,
|
||||
LLM, ACG (Anime, Comics, and Games), Extended Reality (XR),
|
||||
3D design, ham radio, game development, science, cyberpunk,
|
||||
cipherpunk, psychology, philosophy, minimalism, retrocomputing,
|
||||
permacomputing, etc.</blockquote>
|
||||
</details><br>
|
||||
|
||||
I started this blog to jot down things I've learned, mainly because I tend to forget stuff I picked up earlier. But hey, I've made it public, so you're welcome to give it a read and pick up things too. Sharing is caring, after all! ^^
|
||||
|
||||
<br>
|
||||
Here you can find stuffs that I learned that made my life easier. Feel free to contact me about these stuffs.
|
||||
|
||||
### Contacts:
|
||||
|
||||
💬 [Matrix](https://matrix.to/#/@hiiruki:matrix.org "@hiiruki:matrix.org")<br>
|
||||
💬 [Session](https://getsession.org/) - [Session ID](/session.txt "Session ID: 055b210e9f97217abf1872ed98af29640d9f5194847352975a6e9a3ea301683602")<br>
|
||||
💬 [XMPP](https://en.wikipedia.org/wiki/XMPP "XMPP @ Wikipedia") - [hiiruki@yourdata.forsale](xmpp:hiiruki@yourdata.forsale)
|
||||
[Telegram](https://lemniskett.space/users/lemniskett)
|
||||
|
||||
📡 [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat "IRC @ Wikipedia") - hiiruki @ [Libera.Chat](https://libera.chat/)<br>
|
||||
📡 [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat "IRC @ Wikipedia") - hiiruki @ [Rizon](https://www.rizon.net/)<br>
|
||||
📡 [IRC](https://en.wikipedia.org/wiki/Internet_Relay_Chat "IRC @ Wikipedia") - hiiruki @ [tilde.chat](https://tilde.chat/)<br>
|
||||
[Pleroma](https://lemniskett.space/users/lemniskett)
|
||||
|
||||
📧 [E-mail](mailto:h%69@hiiruki.dev)
|
||||
[E-mail](mailto:syahrial@lemniskett.dev)
|
||||
|
||||
>All my emails are digitally signed with PGP key: [4325F99CF01AB846](/pgp.txt). Do not trust emails from me that lack a valid digital signature.
|
||||
|
||||
<details>
|
||||
<summary> 🔑 PGP Public Key </summary>
|
||||
<summary>Importing my public key</summary>
|
||||
|
||||
```shell
|
||||
curl -sL https://hiiruki.dev/pgp | gpg --import
|
||||
|
||||
# Fingerprint: [0xAF5886C8] • AEA5 B927 D7F0 D40B F4B3 C9F1 E40D 7521 AF58 86C8
|
||||
curl -sL https://lemniskett.dev/pgp.txt | gpg --import
|
||||
```
|
||||
|
||||
[pgp.txt](/pgp.txt)
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary> 🔑 SSH Public Key </summary>
|
||||
|
||||
```shell
|
||||
curl -sL https://hiiruki.dev/ssh | tee -a ~/.ssh/authorized_keys
|
||||
|
||||
# Fingerprint: SHA256:uxJNkKzML7tBYwYdjzviimi/Nw4Nd8ghFpl2MOrYLnw
|
||||
```
|
||||
|
||||
[ssh.txt](/ssh.txt)
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary> 🔑 OMEMO Fingerprint </summary>
|
||||
|
||||
```
|
||||
F1085BD5 D359788F 05F936D8 3185A5BE
|
||||
75B227FE DE4E6909 9433113B DFE4D722
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<details>
|
||||
<summary> 🔑 OTR Fingerprint </summary>
|
||||
|
||||
```
|
||||
147B3144 705DADC6 E30F10D4 58EE07ED C9BFE1A6
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
<br>
|
||||
|
||||
### Misc:
|
||||
|
||||
👨💻 [humans.txt](/humans.txt)
|
||||
<br>
|
||||
|
||||
<details>
|
||||
<summary>🎵 Now listening</summary>
|
||||
<p>
|
||||
<img src="https://spotify.hiiruki.dev/api?theme=dark&scan=true" align="center" alt="Current Spotify Song">
|
||||
</p>
|
||||
</details>
|
||||
<br>
|
||||
|
||||
<details>
|
||||
<summary>👨💻 Doing something</summary>
|
||||
<p>
|
||||
<img src="https://lanyard-profile-readme.vercel.app/api/529270835341426708?hideTimestamp=false&hideDiscrim=true&idleMessage=Just%20chillin'%20at%20the%20moment..." align="center" alt="Discord Presence">
|
||||
</p>
|
||||
</details>
|
||||
|
||||
<script type="text/javascript">['contextmenu', 'selectstart'].forEach((e) => {
|
||||
document.addEventListener(e, (e) => e.preventDefault());
|
||||
});
|
||||
function ctrlShiftKey(e, keyCode) {
|
||||
return e.ctrlKey && e.shiftKey && e.keyCode === keyCode.charCodeAt(0);
|
||||
}
|
||||
document.onkeydown = (e) => {
|
||||
if (
|
||||
event.keyCode === 123 ||
|
||||
ctrlShiftKey(e, 'I') ||
|
||||
ctrlShiftKey(e, 'J') ||
|
||||
ctrlShiftKey(e, 'C') ||
|
||||
(e.ctrlKey && e.keyCode === 'U'.charCodeAt(0))
|
||||
)
|
||||
return false;
|
||||
};</script>
|
||||
|
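Review bot: `curl -sL https://lemniskett.dev/pgp.txt | gpg --import` has no fingerprint beside it; the `# Fingerprint: [0xAF5886C8] ...` comment in the same block belongs to the upstream key, and the `>All my emails are digitally signed with PGP key: [4325F99CF01AB846]` note still names the upstream key id. Readers importing over HTTPS alone have nothing to compare against, so publish the new key's fingerprint next to the import command and update the signed-mail note to match. Two smaller things in the same hunk: the Telegram link and the Pleroma link both point at `https://lemniskett.space/users/lemniskett`, which looks like a copy-paste slip, and the PGP `<details>` shows two `<summary>` lines (`🔑 PGP Public Key` and `Importing my public key`) where only one should survive. Finally, the trailing `<script>` that suppresses the context menu, F12 and Ctrl+Shift+I/J/C is not a security control (it only hides the page from casual inspection and the browser's own menus bypass it), and it reads `event.keyCode` inside a handler whose parameter is `e`; either remove it or at least use `e.key` so the handler does not rely on the deprecated global `event`.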
@ -1,323 +0,0 @@
|
||||
---
|
||||
title: "Setup CentOS for IBM QRadar CE Integration with VMware Workstation"
|
||||
description: ""
|
||||
summary: "This a guide to setup CentOS for IBM QRadar CE Integration with VMware Workstation and send logs to QRadar CE."
|
||||
date: 2023-09-12T16:15:51+07:00
|
||||
draft: false
|
||||
author: "Hiiruki" # ["Me", "You"] # multiple authors
|
||||
tags: ["centos", "qradar", "siem", "vmware", "linux", "security", "tutorial"]
|
||||
canonicalURL: ""
|
||||
showToc: true
|
||||
TocOpen: false
|
||||
TocSide: 'right' # or 'left'
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
hidemeta: false
|
||||
comments: false
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: true
|
||||
hideSummary: false
|
||||
searchHidden: false
|
||||
ShowReadingTime: true
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: true
|
||||
ShowRssButtonInSectionTermList: true
|
||||
# UseHugoToc: true
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/hiiruki/hiiruki.dev/tree/main/content/blog/centos-qradar-integration/"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
|
||||
## Overview
|
||||
|
||||
This is a guide to setup CentOS for IBM QRadar CE Integration with VMware Workstation and send logs to QRadar CE.
|
||||
|
||||
CentOS in this setup will act as a client that will be monitored by QRadar CE.
|
||||
|
||||
## Prerequisites
|
||||
|
||||
- [VMware Workstation Pro](https://www.vmware.com/products/workstation-pro/workstation-pro-evaluation.html) or [VMware Workstation Player](https://www.vmware.com/products/workstation-player/workstation-player-evaluation.html)
|
||||
- [QRadar CE ISO](https://www.ibm.com/community/qradar/ce/)
|
||||
|
||||
## Setup
|
||||
|
||||
> **Note:** Before you start, make sure your **QRadar CE VM** is **already running**.
|
||||
|
||||
### 1. Open VMware Workstation and click Open a Virtual Machine
|
||||
|
||||
![Open a Virtual Machine](./images/step1.webp#center "Open a Virtual Machine")
|
||||
|
||||
or you can click **File > Open...** or use the shortcut `Ctrl + O`
|
||||
|
||||
![Open a Virtual Machine](./images/step1-2.webp#center "Open a Virtual Machine")
|
||||
|
||||
### 2. Select the QRadar CE ISO file and click Open
|
||||
|
||||
![Select the QRadar CE ISO file](./images/step2.webp#center "Select the QRadar CE ISO file")
|
||||
|
||||
### 3. Name the VM and select the location to save the VM, then click Import
|
||||
|
||||
![Name the VM and select the location to save the VM](./images/step3.webp#center "Name the VM and select the location to save the VM")
|
||||
|
||||
### 4. Wait for the import to complete then click Edit virtual machine settings
|
||||
|
||||
![Wait for the import to complete](./images/step4.webp#center "Wait for the import to complete")
|
||||
|
||||
### 5. Change the virtual machine settings as needed
|
||||
|
||||
In my setup, I changed the following settings:
|
||||
|
||||
- Memory: 512 MB
|
||||
- Processors: 1
|
||||
- Network Adapter: NAT
|
||||
|
||||
> **Note:** We don't need that much memory and processors for this setup, because we will only use it as a dummy server/client. You can change the settings later if you need more memory and processors.
|
||||
|
||||
Change the memory from **6 GB** to **512 MB** (or as needed)
|
||||
|
||||
![memory](./images/step5.webp#center "memory")
|
||||
|
||||
Change the processors from **2** to **1** (or as needed)
|
||||
|
||||
![processors](./images/step5-2.webp#center "processors")
|
||||
|
||||
Change the network adapter from **Bridged** to **NAT**, then click **OK**
|
||||
|
||||
![network adapter](./images/step5-3.webp#center "network adapter")
|
||||
|
||||
So the final settings will be like this:
|
||||
|
||||
![final settings](./images/step5-4.webp#center "final settings")
|
||||
|
||||
### 6. Power on the VM
|
||||
|
||||
![Power on the VM](./images/step6.webp#center "Power on the VM")
|
||||
|
||||
### 7. Wait for the VM to boot up and login with the root user and create a new password
|
||||
|
||||
> **Note:** Don't forget the password that you created, because you will need it later.
|
||||
|
||||
![login with root user](./images/step7.webp#center "login with root user")
|
||||
|
||||
### 8. Configure the network
|
||||
|
||||
Type `nmtui` to open the Network Manager Text User Interface
|
||||
|
||||
![nmtui](./images/step8.webp#center "nmtui")
|
||||
|
||||
- Select **Set system hostname** and press **Enter**
|
||||
|
||||
![set system hostname](./images/step8-2.webp#center "set system hostname")
|
||||
|
||||
- Set the hostname, in my setup I set it to `centos` and press **Enter**
|
||||
|
||||
![set hostname](./images/step8-3.webp#center "set hostname")
|
||||
|
||||
- Select **OK** and press **Enter**
|
||||
|
||||
![select OK](./images/step8-4.webp#center "select OK")
|
||||
|
||||
- Select **Quit** and press **Enter**
|
||||
|
||||
![select Quit](./images/step8-5.webp#center "select Quit")
|
||||
|
||||
- type `clear` to clear the screen
|
||||
|
||||
- type `bash` to refresh the bash shell, so the hostname will be updated
|
||||
|
||||
![refresh bash shell](./images/step8-6.webp#center "refresh bash shell")
|
||||
|
||||
- Check the connection by typing `ping google.com` and press **Enter**
|
||||
|
||||
![ping google.com](./images/step8-7.webp#center "ping google.com")
|
||||
|
||||
- Check the IP address by typing `ip -br addr` and press **Enter**
|
||||
|
||||
> **Note:** Take note of the IP address, because you will need it later.
|
||||
|
||||
![ip -br addr](./images/step8-8.webp#center "ip -br addr")
|
||||
|
||||
In my case, the IP address is `192.168.211.128`
|
||||
|
||||
### 9. SSH to the VM centos
|
||||
|
||||
You can use [PuTTY](https://www.putty.org/), [Windows Terminal](https://www.microsoft.com/en-us/p/windows-terminal/9n0dx20hk701?activetab=pivot:overviewtab), [Windows Subsystem for Linux (WSL)](https://docs.microsoft.com/en-us/windows/wsl/install-win10), [MobaXterm](https://mobaxterm.mobatek.net/) or any other [SSH](https://en.wikipedia.org/wiki/Secure_Shell "SSH @ Wikipedia") client you want.
|
||||
|
||||
In my case, I use [Termius](https://termius.com/).
|
||||
|
||||
- Set the details as needed
|
||||
|
||||
![set the details](./images/step9.webp#center "set the details")
|
||||
|
||||
- Type `ssh root@<IP address>` and press **Enter**
|
||||
- Type password that you created earlier and press **Enter**
|
||||
- In Termius you can connect to the VM using **Quick Connect** feature, so you don't need to type the IP address and password every time you want to connect to the VM.
|
||||
|
||||
![ssh root@<IP address>](./images/step9-2.webp#center "ssh root@<IP address>")
|
||||
|
||||
- Voila! You are now connected to the VM
|
||||
|
||||
![connected to the VM](./images/step9-3.webp#center "connected to the VM")
|
||||
|
||||
### 10. Install the required packages and dependencies
|
||||
|
||||
- Type `yum install audit` and press **Enter**
|
||||
|
||||
![yum install audit](./images/step10.webp#center "yum install audit")
|
||||
|
||||
- Type `y` if prompted and press **Enter**
|
||||
|
||||
![y](./images/step10-2.webp#center "y")
|
||||
|
||||
### 11. Configure the auditd service
|
||||
|
||||
- Start the auditd service by typing `service start auditd` and press **Enter**
|
||||
- If you get a warning, just type `systemctl daemon-reload` and press **Enter**
|
||||
- Type `service start auditd` and press **Enter** again
|
||||
|
||||
![service start auditd](./images/step11.webp#center "service start auditd")
|
||||
|
||||
- Type `chkconfig auditd on` and press **Enter** to enable the auditd service
|
||||
|
||||
![chkconfig auditd on](./images/step11-2.webp#center "chkconfig auditd on")
|
||||
|
||||
- Type `service auditd status` and press **Enter** to check the status of the auditd service
|
||||
|
||||
![service auditd status](./images/step11-3.webp#center "service auditd status")
|
||||
|
||||
- If you encounter an error like this:
|
||||
|
||||
> The service command supports only basic LSB actions (start, stop, restart, try-restart, reload, force-reload, status). For other actions, please try to use systemctl.
|
||||
|
||||
![service auditd status error](./images/step11-4.webp#center "service auditd status error")
|
||||
|
||||
- Just type `systemctl start auditd` and press **Enter** to start the auditd service.
|
||||
|
||||
![systemctl start auditd](./images/step11-5.webp#center "systemctl start auditd")
|
||||
|
||||
### 12. Configure the audit rules
|
||||
|
||||
- Type `vi /etc/audisp/plugins.d/syslog.conf` and press **Enter** to edit the syslog.conf file
|
||||
|
||||
![vi /etc/audisp/plugins.d/syslog.conf](./images/step12.webp#center "vi /etc/audisp/plugins.d/syslog.conf")
|
||||
|
||||
![vi /etc/audisp/plugins.d/syslog.conf](./images/step12-2.webp#center "vi /etc/audisp/plugins.d/syslog.conf")
|
||||
|
||||
- Press `i` to enter the insert mode
|
||||
- Change the content of the `syslog.conf` file to this:
|
||||
- active = yes
|
||||
- direction = out
|
||||
- path = builtin_syslog
|
||||
- type = builtin
|
||||
- args = LOG_LOCAL6
|
||||
- format = string
|
||||
|
||||
- So the final content of the `syslog.conf` file will be like this:
|
||||
|
||||
![syslog.conf](./images/step12-3.webp#center "syslog.conf")
|
||||
|
||||
- Press `Esc` to exit the insert mode
|
||||
- Type `:wq` and press **Enter** to save and exit the file
|
||||
|
||||
### 13. Configure the rsyslog service
|
||||
|
||||
- Type `vi /etc/rsyslog.conf` and press **Enter** to edit the rsyslog.conf file
|
||||
|
||||
![vi /etc/rsyslog.conf](./images/step13.webp#center "vi /etc/rsyslog.conf")
|
||||
|
||||
- Press `shift + G` to go to the end of the file
|
||||
- Press `O` to enter the insert mode and add this line at the end of the file:
|
||||
- `*.* @<IP_ADDRESS_QRADAR>:514`
|
||||
- Check the IP address of the QRadar CE VM, in my case the IP address is `192.168.211.129`
|
||||
|
||||
![rsyslog.conf](./images/step13-2.webp#center "rsyslog.conf")
|
||||
|
||||
- Like this:
|
||||
|
||||
![rsyslog.conf](./images/step13-3.webp#center "rsyslog.conf")
|
||||
|
||||
- Press `Esc` to exit the insert mode
|
||||
- Type `:wq` and press **Enter** to save and exit the file
|
||||
|
||||
### 14. Restart the auditd and rsyslog services
|
||||
|
||||
- Type `service auditd restart` and press **Enter** to restart the auditd service
|
||||
|
||||
![service auditd restart](./images/step14.webp#center "service auditd restart")
|
||||
|
||||
- Type `systemctl restart rsyslog` and press **Enter** to restart the rsyslog service
|
||||
|
||||
![systemctl restart rsyslog](./images/step14-2.webp#center "systemctl restart rsyslog")
|
||||
|
||||
### 15. Open the QRadar CE Dashboard on your browser and add a filter
|
||||
|
||||
- Open your browser and go to `https://<IP_ADDRESS_QRADAR>`
|
||||
- Login with the username `admin` and your password
|
||||
- Click **Log Activity** and click **Add Filter**
|
||||
|
||||
![Log Activity](./images/step15.webp#center "Log Activity")
|
||||
|
||||
- Add a filter with the following details:
|
||||
- Parameter: `Source IP [Indexed]`
|
||||
- Operator: `Equals`
|
||||
- Value: `<IP_ADDRESS_CENTOS>`, in my case the IP address is `192.168.211.128`
|
||||
|
||||
![Add Filter](./images/step15-2.webp#center "Add Filter")
|
||||
|
||||
- Change the View to **Real Time (streaming)**
|
||||
|
||||
![Change the View](./images/step15-3.webp#center "Change the View")
|
||||
|
||||
### 16. Test the log with add user in the centos VM
|
||||
|
||||
- Type `useradd test` and press **Enter** to add a new user
|
||||
|
||||
![useradd test](./images/step16.webp#center "useradd test")
|
||||
|
||||
- If you get **Unknown log event**, you can restart the auditd and rsyslog services again
|
||||
- Type `service auditd restart` and press **Enter** to restart the auditd service
|
||||
- Type `systemctl restart rsyslog` and press **Enter** to restart the rsyslog service
|
||||
- Type `useradd test` and press **Enter** again to add a new user
|
||||
- Now you can see the activity log in the QRadar CE Dashboard
|
||||
- You can also see the log in the `/var/log/audit/audit.log` file in the centos VM
|
||||
|
||||
![useradd test](./images/step16-2.webp#center "useradd test")
|
||||
|
||||
- Test deleting the user by typing `userdel test` and press **Enter**
|
||||
|
||||
![userdel test](./images/step16-3.webp#center "userdel test")
|
||||
|
||||
- Now you can see the activity log in the QRadar CE Dashboard, notice that the **Event Name** is contains user deletion activity.
|
||||
|
||||
![userdel test](./images/step16-4.webp#center "userdel test")
|
||||
|
||||
- You can try with other activities like `usermod`, `userpasswd`, `usergroup`, login and logout, change some configuration, etc.
|
||||
|
||||
![other activity](./images/step16-5.webp#center "other activity")
|
||||
|
||||
### 17. Voila! You have successfully setup CentOS for IBM QRadar CE Integration with VMware Workstation
|
||||
|
||||
You can now explore the QRadar CE Dashboard and see the logs from your CentOS VM.
|
||||
|
||||
## References
|
||||
|
||||
- https://www.ibm.com/community/qradar/ce/
|
||||
- https://www.ibm.com/docs/en/SS42VS_7.4/pdf/b_siem_inst.pdf
|
||||
- https://www.ibm.com/docs/en/SS42VS_7.4/pdf/b_qradar_system_notifications.pdf
|
||||
- https://www.ibm.com/community/qradar/wp-content/uploads/sites/5/2020/03/QRadar_CE_Under_the_Radar_21Feb.pdf
|
||||
- https://www.ibm.com/docs/en/qradar-on-cloud?topic=support-common-problems
|
||||
- https://www.ibm.com/docs/en/qsip
|
||||
- http://ftpmirror.your.org/pub/misc/ftp.software.ibm.com/software/security/products/qradar/documents/7.2.4/QLM/EN/b_qradar_system_notifications.pdf
|
||||
- https://www.reddit.com/r/QRadar/comments/p5lfzz/best_strategy_for_monitor_linux_servers/
|
||||
- [Forwarding Syslogs from Linux Hosts to QRadar](https://wiki.secure-iss.com/Public/SOC/LinuxLogForwarding)
|
||||
- [Sending Linux logs to QRadar (rsyslog.conf) by Jose Bravo](https://youtu.be/Dmf2iwRqATI?si=Ctf9DJd9CHVp4sHk)
|
||||
- [Mastering Linux OS Integration with IBM QRadar: A Comprehensive Guide to Supercharge Your Security” by Ahmad Hassan Tariq](https://medium.com/@AhmadCyberZone.com/mastering-linux-os-integration-with-ibm-qradar-a-comprehensive-guide-to-supercharge-your-security-9d1be9eab9c9)
|
||||
- Guide/learning material from [Infinite Learning HCAI Program](https://kampusmerdeka.kemdikbud.go.id/program/studi-independen/browse/863c3409-8b4e-4c96-9edd-71ee61e9fc41/7a22d773-4ea0-11ed-a45a-c2cca2f5088a) (I can't share the material/content directly, because it's confidential and belong to [Infinite Learning](https://www.infinitelearning.id/) and IBM Academy)
|
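Review bot: this removes the whole post with no redirect. If the URL was ever linked or indexed, put an `aliases` entry for it on whichever page should receive the traffic (the front matter shows the key as `# aliases: ["/first"]`, commented out) or accept the 404. Nothing else to review in a pure deletion, though anyone keeping a copy of the tutorial should note that step 11's `service start auditd` has the arguments reversed (`service auditd start`), which is why the text then falls back to `systemctl start auditd`.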
@ -2,10 +2,10 @@
|
||||
title: "Hello World!"
|
||||
description: "Yet another blog."
|
||||
summary: "Yet another blog."
|
||||
date: 2023-09-03T21:48:44+07:00
|
||||
date: 2023-10-09T13:36:12+07:00
|
||||
draft: false
|
||||
author: "Hiiruki" # ["Me", "You"] # multiple authors
|
||||
tags: ["random", "misc", "hello-world", "SSG"]
|
||||
author: "Lemniskett" # ["Me", "You"] # multiple authors
|
||||
tags: ["hello-world"]
|
||||
canonicalURL: ""
|
||||
showToc: true
|
||||
TocOpen: false
|
||||
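Review bot: replacing `date` (2023-09-03 to 2023-10-09) re-dates an upstream post rather than recording that it was edited; if the intent is to show when the fork republished it, Hugo's `lastmod` front-matter field keeps the original date while recording the change. With `author` swapped to `Lemniskett` and the title, `description` and `summary` kept verbatim, the remaining text should either be rewritten in the new author's voice or carry the attribution the body adds further down.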
@ -36,52 +36,6 @@ cover:
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
|
||||
![Hello World!](images/hello-world.gif#center "Hello World in terminal")
|
||||
Hello World!
|
||||
|
||||
Yeah, my another blog ~~again~~ (¬_¬)
|
||||
|
||||
Previously I had a blog that used Static Site Generator (SSG) which is [Eleventy](https://11ty.dev), but now I have moved to other SSGs and what I'm using now is [Hugo](https://gohugo.io/).
|
||||
|
||||
## Tech Stack
|
||||
|
||||
- [Hugo](https://gohugo.io/) for the Static Site Generator (SSG)
|
||||
- [Netlify](https://netlify.com) to host this site and for the CI/CD pipeline
|
||||
- [GitHub](https://github.com) to host the source code
|
||||
|
||||
## Flow
|
||||
|
||||
![Flow](images/flow.svg#center "Flow")
|
||||
|
||||
## Why SSG?
|
||||
|
||||
I'm using SSG because it's easier to use and it's faster than using CMS (Content Management System) like [WordPress](https://wordpress.com/). I don't need to worry about the server, database, etc. I just need to write the content and the SSG will generate the static site for me.
|
||||
|
||||
Static site generators offer several advantages that make them a compelling choice:
|
||||
|
||||
- ***Efficiency***: SSGs pre-generate web pages, eliminating the need for server-side processing. This results in faster load times and reduced server resource consumption.
|
||||
- ***Security***: Since there's no dynamic server-side code execution, the attack surface is smaller, making your website less vulnerable to security threats.
|
||||
- ***Scalability***: Static sites can handle high levels of traffic without performance issues, making them suitable for projects of all sizes.
|
||||
- ***Version Control***: Content and code can be easily managed with version control systems like Git, enabling collaborative development and content updates.
|
||||
- ***Cost-Effectiveness***: Hosting static sites is often less expensive than dynamic sites because you don't need robust server infrastructure or database management.
|
||||
- ***Simplicity***: SSGs encourage a straightforward development process. Content is created and organized in plain text files (e.g., Markdown), and the generator takes care of rendering them into HTML.
|
||||
- ***Portability***: You can host static sites on a variety of platforms, making it easy to switch hosting providers or migrate your site.
|
||||
- ***Maintainability***: Easy to maintain regarding software updates.
|
||||
- ***Transparency***: Transparent in what is going on under the hood. Especially the open-source SSGs.
|
||||
|
||||
## Why Hugo?
|
||||
|
||||
I'm using Hugo because it's fast, simple, and easy to use. It's also written in Go, making it cross-platform. I'm avoiding the use of Node.js because it's bloated and slow. Additionally, some individuals have [security concerns related to JavaScript](https://yewtu.be/watch?v=pid5kmWXSj8), so I'm minimizing its usage as much as possible. This site also functions properly even when JavaScript is disabled.
|
||||
|
||||
## Why Netlify?
|
||||
|
||||
I'm using Netlify because it's free, easy to use, and it has a CI/CD pipeline. I'm using the free plan because I don't need the paid plan yet. I'm also using Netlify because it's easy to set up and it's easy to connect to GitHub.
|
||||
|
||||
## Why Blogging?
|
||||
|
||||
I started this blog to jot down things I've learned, mainly because I tend to forget stuff I picked up earlier. But hey, I've made it public, so you're welcome to give it a read and pick up things too. Sharing is caring, after all! ^^
|
||||
|
||||
Sorry if there are any mistakes in the blog/articles/writeups, you can [contact](/about/#contacts) me if you have any questions.
|
||||
|
||||
Anyway, welcome to my blog and happy reading! ^^
|
||||
|
||||
![Thank You!](images/sailor-saturn.webp#center 'Hotaru "Sailor Saturn, Guardian of Silence" Tomoe from Sailor Moon')
|
||||
This website is forked from [Hiiruki's Personal Website](https://github.com/hiiruki/hiiruki.dev)
|
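Review bot: the closing `This website is forked from ...` attribution is the right thing to keep, but the `[contact](/about/#contacts)` link only resolves while the about page keeps its `### Contacts:` heading, and `images/hello-world.gif`, `images/flow.svg` and `images/sailor-saturn.webp` only render while those files stay in the page bundle; the unnamed binary deletions on this commit page make both worth checking. Minor: `Yeah, my another blog ~~again~~` reads better as `Yeah, another blog of mine ~~again~~`.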
@ -1,81 +0,0 @@
|
||||
---
|
||||
title: "Hugo Open External Link in New Tab and Add Rel Attribute"
|
||||
description: "How to add a render hook for link in Hugo"
|
||||
summary: "How to add a render hook for link in Hugo"
|
||||
date: 2023-09-10T19:38:50+07:00
|
||||
draft: false
|
||||
author: "Hiiruki" # ["Me", "You"] # multiple authors
|
||||
tags: ["hugo", "render-hook", "goldmark"]
|
||||
canonicalURL: ""
|
||||
showToc: true
|
||||
TocOpen: false
|
||||
TocSide: 'right' # or 'left'
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
hidemeta: false
|
||||
comments: false
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: true
|
||||
hideSummary: false
|
||||
searchHidden: false
|
||||
ShowReadingTime: true
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: true
|
||||
ShowRssButtonInSectionTermList: true
|
||||
UseHugoToc: false
|
||||
cover:
|
||||
image: "<image path/url>" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "<text>" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: true # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/hiiruki/hiiruki.dev/tree/main/content/blog"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
|
||||
Hugo is using [goldmark](https://github.com/yuin/goldmark/) as its markdown renderer and has a [render hook](https://gohugo.io/templates/render-hooks/) feature.
|
||||
|
||||
Previously, Hugo uses [Blackfriday](https://github.com/russross/blackfriday) as its markdown renderer in version below `v0.60.0`. Check the [changelog](https://github.com/gohugoio/hugo/releases/tag/v0.60.0) for more information.
|
||||
|
||||
### Method 1 (No JavaScript)
|
||||
|
||||
Make a file `layouts/_default/_markup/render-link.html` and add the following code:
|
||||
|
||||
```html
|
||||
<a href="{{ .Destination | safeURL }}"
|
||||
{{ with .Title}} title="{{ . }}"{{ end }}
|
||||
{{ if strings.HasPrefix .Destination "http" }}
|
||||
target="_blank" rel="external nofollow noopener noreferrer"
|
||||
{{ end }}>
|
||||
{{ .Text | safeHTML }}
|
||||
</a>
|
||||
```
|
||||
|
||||
### Method 2 (JavaScript)
|
||||
|
||||
Make a file `layouts/partials/extend_head.html` and add the following code:
|
||||
|
||||
```html
|
||||
<script>
|
||||
document.addEventListener('DOMContentLoaded', function () {
|
||||
var links = document.getElementsByTagName("a");
|
||||
var i;
|
||||
for (i = 0; i < links.length; i++) {
|
||||
if (location.hostname !== links[i].hostname) {
|
||||
links[i].rel = "external nofollow noopener noreferrer";
|
||||
links[i].target = "_blank";
|
||||
}
|
||||
}
|
||||
});
|
||||
</script>
|
||||
```
|
||||
|
||||
## References
|
||||
|
||||
- https://gohugo.io/templates/render-hooks/
|
||||
- https://discourse.gohugo.io/t/open-external-links-in-new-tab-window/34000?page=2
|
||||
- https://agrimprasad.com/post/hugo-goldmark-markdown/
|
||||
- https://www.petanikode.com/hugo-render-hooks/
|
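Review bot: the render hook being deleted in this hunk classified a link as external with `{{ if strings.HasPrefix .Destination "http" }}`, which also matches absolute links to the site's own domain and misses protocol-relative `//` destinations, and it emitted the link text with `{{ .Text | safeHTML }}`, which switches off escaping for markdown link text. Removing the post is consistent with the fork dropping the original author's content; if the snippet is ever reintroduced, compare the destination host against the site's base URL instead of the `http` prefix and leave `.Text` escaped.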
@ -1,131 +0,0 @@
|
||||
---
|
||||
title: "Port Forwarding with ngrok"
|
||||
description: "Make your local server accessible from the internet"
|
||||
summary: "Make your local server accessible from the internet"
|
||||
date: 2023-09-15T07:37:05+07:00
|
||||
draft: false
|
||||
author: "Hiiruki" # ["Me", "You"] # multiple authors
|
||||
tags: ["ngrok", "port-forwarding", "linux", "ssh", "tutorial", "server", "tcp"]
|
||||
canonicalURL: ""
|
||||
showToc: true
|
||||
TocOpen: false
|
||||
TocSide: 'right' # or 'left'
|
||||
# weight: 1
|
||||
# aliases: ["/first"]
|
||||
hidemeta: false
|
||||
comments: false
|
||||
disableHLJS: true # to disable highlightjs
|
||||
disableShare: true
|
||||
hideSummary: false
|
||||
searchHidden: false
|
||||
ShowReadingTime: true
|
||||
ShowBreadCrumbs: true
|
||||
ShowPostNavLinks: true
|
||||
ShowWordCount: true
|
||||
ShowRssButtonInSectionTermList: true
|
||||
# UseHugoToc: true
|
||||
cover:
|
||||
image: "images/cover.webp" # image path/url
|
||||
alt: "<alt text>" # alt text
|
||||
caption: "ngrok illustration | https://ngrok.com/" # display caption under cover
|
||||
relative: false # when using page bundles set this to true
|
||||
hidden: false # only hide on current single page
|
||||
# editPost:
|
||||
# URL: "https://github.com/hiiruki/hiiruki.dev/tree/main/content/blog/port-forwarding-ngrok/index.md"
|
||||
# Text: "Suggest Changes" # edit text
|
||||
# appendFilePath: true # to append file path to Edit link
|
||||
---
|
||||
|
||||
## Introduction
|
||||
|
||||
[Port forwarding](https://en.wikipedia.org/wiki/Port_forwarding "Port forwarding @ Wikipedia") is a technique that allows external devices to access a device that is behind a firewall, NAT, or private network. It is commonly used to make a local server accessible from the internet.
|
||||
|
||||
[ngrok](https://ngrok.com/ "ngrok") is a tool that creates a secure tunnel to your local server. It is free to use, but you can also buy a paid plan to get more features. ngrok is available for Windows, macOS, Linux, Docker, FreeBSD, etc.
|
||||
|
||||
|
||||
## Steps
|
||||
|
||||
### 1. Download ngrok
|
||||
|
||||
Download [ngrok](https://ngrok.com/download "Download ngrok") from the official website.
|
||||
|
||||
You can also use `wget` to download ngrok directly to your server. This is useful if you want to use ngrok on a server that does not have a GUI.
|
||||
|
||||
> **Note:** Install `wget` if it is not installed on your server. For Debian/Ubuntu, you can install it with `sudo apt install wget`. For CentOS/RHEL, you can install it with `sudo yum install wget`.
|
||||
|
||||
{{< figure src="./images/step1.webp" caption="Install `wget` on CentOS" align="center" alt="Install wget on CentOS" >}}
|
||||
|
||||
Download ngrok with this command:
|
||||
|
||||
```bash
|
||||
wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz --no-check-certificate
|
||||
```
|
||||
|
||||
`--no-check-certificate` is used to bypass the SSL certificate check. This is useful if you are using a self-signed certificate.
|
||||
|
||||
{{< figure src="./images/step1-2.webp" caption="ngrok download" align="center" alt="ngrok download" >}}
|
||||
|
||||
### 2. Extract ngrok
|
||||
|
||||
Extract it to a directory of your choice. I will use `/usr/local/bin` in this example.
|
||||
|
||||
```bash
|
||||
tar -xzf ngrok-v3-stable-linux-amd64.tgz -C /usr/local/bin
|
||||
```
|
||||
|
||||
![ngrok extract](./images/step2.webp#center "ngrok extract")
|
||||
|
||||
That command will extract the `ngrok` binary to `/usr/local/bin`. You can check if it is installed correctly by running `ngrok --version`
|
||||
|
||||
![ngrok version](./images/step2-2.webp#center "ngrok version")
|
||||
|
||||
### 3. Create an account
|
||||
|
||||
Create an account on [ngrok](https://dashboard.ngrok.com/signup "Sign up for ngrok") and get your auth token from the [dashboard](https://dashboard.ngrok.com/get-started/your-authtoken "Your authtoken @ ngrok dashboard").
|
||||
|
||||
![ngrok dashboard](./images/step3.webp#center "ngrok auth token")
|
||||
|
||||
### 4. Connect your account
|
||||
|
||||
Connect your account by running `ngrok authtoken <your_auth_token>`. Replace `<your_auth_token>` with your auth token.
|
||||
|
||||
or
|
||||
|
||||
`ngrok config add-authtoken <your_auth_token>`
|
||||
|
||||
![ngrok connect](./images/step4.webp#center "ngrok connect")
|
||||
|
||||
### 5. Start ngrok
|
||||
|
||||
In this example, I want to make my local SSH server accessible from the internet. So, I will use port 22 for this example.
|
||||
|
||||
Run `ngrok tcp 22` to start ngrok.
|
||||
|
||||
![ngrok start](./images/step5.webp#center "ngrok start")
|
||||
|
||||
### 6. Connect to your server
|
||||
|
||||
Connect to your server with the ngrok URL.
|
||||
|
||||
Domain: **0.tcp.ap.ngrok.io**<br>
|
||||
Port: **11507**
|
||||
|
||||
So the full command will be `ssh username@0.tcp.ap.ngrok.io -p 11507`
|
||||
|
||||
{{< figure src="./images/step6.webp" caption="Remote SSH the **CentOS 7** using **Ubuntu 22.04.2 LTS (WSL)** with ngrok" align="center" alt="Install wget on CentOS" >}}
|
||||
|
||||
> **Note:** The ngrok URL will change every time you start ngrok. So, you need to update the URL every time you start ngrok.
|
||||
|
||||
## Conclusion
|
||||
|
||||
That's it! Now you can make your local server accessible from the internet with ngrok. You can also use ngrok to make your local website accessible from the internet. Just use the right tunnel type for your server.
|
||||
|
||||
For example, if you want to make your local website accessible from the internet, you can use `ngrok http 80` to start ngrok. Then you can access your website with the ngrok URL. You can also use ngrok to make your local SSH server accessible from the internet. Just use `ngrok tcp 22` to start ngrok. Then you can connect to your server with the ngrok URL.
|
||||
|
||||
Further reading: [ngrok Tunnels](https://ngrok.com/docs/secure-tunnels/tunnels/ "ngrok Tunnels")
|
||||
|
||||
## References
|
||||
|
||||
- [ngrok documentation](https://ngrok.com/docs "ngrok Documentation")
|
||||
- [Port forwarding - Wikipedia](https://en.wikipedia.org/wiki/Port_forwarding "Port forwarding - Wikipedia")
|
||||
- [ngrok Tunnels](https://ngrok.com/docs/secure-tunnels/tunnels/ "ngrok Tunnels")
|
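Review bot: the removed post's download step `wget https://bin.equinox.io/c/bNyj1mQVY4c/ngrok-v3-stable-linux-amd64.tgz --no-check-certificate` disabled TLS certificate verification for an archive that the next step extracts straight into `/usr/local/bin`, and the stated justification ("useful if you are using a self-signed certificate") does not apply to a public download host; with verification off, anyone positioned on the network path could substitute the binary. The post also exposes SSH to the internet with `ngrok tcp 22` without saying anything about key-only authentication on the SSH server. Dropping the post is fine; if any of it is kept, remove `--no-check-certificate` and verify the archive's checksum before installing.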