We are in the cloud

We are in the cloud, running on someone else’s computer.

Mikrotik RouterOS WAN traffic sniff Suricata IDS

Preface: this is the poor man’s way of hooking up Suricata IDS to any Mikrotik router. Better ways would be using port mirroring or putting the Suricata host directly in front of the router. My goal was to have all network traffic coming from and going to the internet mirrored into the Suricata virtual machine. The network schema is the following: (internet) <-> routeros <-> debian_hypervisor <-> (linux bridge) <-> Suricata_VM There are a few ways of doing this; the one which is in my opinion the lesser evil involves: …

Monitoring DNS BIND with Zabbix

Shockingly enough, out of the box Zabbix (version 6) does not include any template to monitor a very crucial component of every organization: DNS. Like most open source aficionados, my DNS of choice is BIND named. Luckily Zabbix has a pretty huge community and plenty of templates for it are freely available; a quick search on the interwebz led me to this page. Kudos to whoever wrote this template, I just took it and tweaked it a little bit. …

Sony WF-1000XM4 on Linux Fedora 35

Last week I converted myself to wireless earphones. I don’t consider myself an audiophile, I don’t have any deep knowledge of music but I kinda enjoy listening to it. Because of this I have had a few decent pairs of headphones, earphones and monitor speakers in my life; they all shared a thing: cables. Last week I pulled the trigger and bought myself my very first pair of wireless earphones: Sony WF-1000XM4. …

Thinkpad T480 firmware update in Linux using fwupd

For the most part I never cared much about upgrading firmware because “if it works, don’t mess with it” is usually my rule. I also don’t care much about having installed the latest version of Intel “““NSA botnet””” Management Engine, it is a piece of trash anyway so I might as well not have the latest updates. But since I have some issues with the NVMe drive (very slow reads, it is most definitely dying) I figured a system-wide firmware upgrade wouldn’t be a bad thing. …

Debian QEMU/KVM bridged networking and VLAN

By default on every Linux distro, after installing QEMU and libvirt, two kinds of networking are available: NAT: the VM sits behind a NAT. MACVTAP: without going into much detail, it acts more or less like a bridged network, except not really. One of the most annoying limitations is that host to guest communication and vice versa do not really work well. Other important things might be broken as well, like for example VRRP. …

Keepalived and libvirt MACVTAP network interfaces

Keepalived is routing software written in C that can be used to set up load balancing and high availability for Linux machines. NOTE: the hypervisor is Debian 10 (Buster) with libvirt and qemu/kvm; the virtual machines are also Debian 10 (Buster). Keepalived configuration Install keepalived: $ apt install keepalived Install nginx, it will be used to check that keepalived is actually working: $ apt install nginx $ systemctl enable --now nginx Configure keepalived: …

Wireguard VPN Linux and IOS setup guide

Wireguard is open source software and a communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN, both client and server configuration are much simpler and maintaining a PKI is also not required. Performance-wise, Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in the Debian 10 stable repos, so it is required to enable backports to install it: …
