Mikrotik RouterOS WAN traffic sniff Suricata IDS

Preface: this is the poor man's way of hooking up the Suricata IDS to any Mikrotik router. Better ways would be port mirroring on a switch, or putting the Suricata host directly in front of the router. My goal was to have all traffic coming from and going to the internet mirrored into the Suricata virtual machine. The network schema is the following: (internet) <-> routeros <-> debian_hypervisor <-> (linux bridge) <-> Suricata_VM There are a few ways of doing this; the one which is in my opinion the lesser evil involves: …


Monitoring DNS BIND with Zabbix

Shockingly enough, out of the box Zabbix (version 6) does not include any template to monitor a very crucial component of every organization: DNS. Like most open source aficionados, my DNS server of choice is BIND (named). Luckily Zabbix has a pretty huge community and plenty of templates for it are freely available; a quick search on the interwebz led me to this page. Kudos to whoever wrote this template, I just took it and tweaked it a little bit. …


Debian QEMU/KVM bridged networking and VLAN

By default on every Linux distro, after installing QEMU and libvirt, two kinds of networking are available: NAT: the VM sits behind a NAT on the host. MACVTAP: without going into much detail, it acts more or less like a bridged network, except not really. One of the most annoying limitations is that communication between the host and its guests (in either direction) does not work, because macvtap endpoints on a NIC cannot reach the host's own address on that same NIC. Other important things might be broken as well, for example VRRP. This mode is good for quick and dirty testing but not for a stable environment. BRIDGED networking is also supported by libvirt but requires some manual work. A possible networking schema could be the following: …
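The "manual work" bridged networking needs on a Debian/ifupdown hypervisor boils down to two files. The shell snippet below is an added example and not configuration from the original post: it renders an /etc/network/interfaces stanza that enslaves a VLAN sub-interface to a bridge, and a libvirt network definition that hands guests that bridge. The physical NIC name enp2s0, the bridge name br<VLAN> and the libvirt network name vlan<VLAN> are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): render the two pieces of
# "manual work" bridged libvirt networking needs on a Debian/ifupdown host:
#  1. an /etc/network/interfaces stanza: VLAN sub-interface enslaved to a bridge
#  2. a libvirt network definition that plugs guests into that bridge
# Assumed names: physical NIC enp2s0, bridge br<VLAN>, libvirt network vlan<VLAN>.

# 802.1Q VLAN IDs are 1-4094 (0 and 4095 are reserved). Reject anything else
# before it ends up in a config file that ifup will choke on at boot.
valid_vlan() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 4094 ]
}

# ifupdown stanza (needs the "vlan" and "bridge-utils" packages).
# The bridge gets no IP address: guests talk on the VLAN, the host stays off it.
render_interfaces() {
    nic="$1"; vlan="$2"
    valid_vlan "$vlan" || return 1
    cat <<EOF
auto ${nic}.${vlan}
iface ${nic}.${vlan} inet manual
    vlan-raw-device ${nic}

auto br${vlan}
iface br${vlan} inet manual
    bridge_ports ${nic}.${vlan}
    bridge_stp off
    bridge_fd 0
EOF
}

# libvirt network in "bridge" forward mode: libvirt does no NAT and no DHCP,
# it only attaches the guest's tap device to the existing host bridge.
render_libvirt_net() {
    vlan="$1"
    valid_vlan "$vlan" || return 1
    cat <<EOF
<network>
  <name>vlan${vlan}</name>
  <forward mode='bridge'/>
  <bridge name='br${vlan}'/>
</network>
EOF
}

# Usage on the hypervisor (as root):
#   render_interfaces enp2s0 10 >> /etc/network/interfaces
#   ifup enp2s0.10 && ifup br10
#   render_libvirt_net 10 > /tmp/vlan10.xml
#   virsh net-define /tmp/vlan10.xml && virsh net-start vlan10 && virsh net-autostart vlan10
# then give the guest <interface type='network'><source network='vlan10'/></interface>
```

With this layout the host has no address on the guest VLAN, so a compromised guest cannot reach the hypervisor's management plane through the bridge; host/guest traffic, which macvtap breaks anyway, goes through a separate management network instead.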


Keepalived and libvirt MACVTAP network interfaces

Keepalived is routing software written in C that can be used to set up load balancing and high availability on Linux machines. NOTE: the hypervisor is Debian 10 (Buster) with libvirt and qemu/kvm; the virtual machines are also Debian 10 (Buster).

Keepalived configuration

Install keepalived:

    $ apt install keepalived

Install nginx; it will be used to check that keepalived is actually working:

    $ apt install nginx
    $ systemctl enable --now nginx

Configure keepalived:

    $ vi /etc/keepalived/keepalived.conf
    ---
    global_defs {
        enable_script_security      # refuse to run a check script if any part of its path is writable by non-root users
        script_user root            # user that runs the check script
    }

    vrrp_script chk_nginx {
        script "/opt/scripts/nginx-check.sh"
        interval 2                  # run the script every 2 seconds
        weight 2                    # add 2 points to the priority while the script exits 0
    }

    vrrp_instance VI_1 {
        interface enp2s0            # interface to monitor
        virtual_router_id 51
        priority 101                # MASTER 101, BACKUP 100
        advert_int 1
        nopreempt                   # a higher-priority node coming back online does not take the VIP over;
                                    # comment out to have the VIP move back to the MASTER when it returns
        authentication {
            auth_type PASS          # plaintext password inside the VRRP advertisement, maximum 8 chars;
            auth_pass myPass        # it only guards against misconfiguration, it is not real authentication
        }
        virtual_ipaddress {
            10.10.0.12/24           # VIP (Virtual IP Address)
        }
        track_script {
            chk_nginx
        }
    }

Also add a script to check if nginx is alive and well: …
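The check script itself is cut off in the excerpt above; the following is an added example of what a vrrp_script health check for nginx can look like, not the script from the original post. keepalived only looks at the exit status: 0 means healthy (the configured weight is added to the priority), anything else means failed. It assumes nginx answers on http://127.0.0.1:80/ and that the master process is named nginx; both are assumptions.

```shell
#!/bin/sh
# /opt/scripts/nginx-check.sh
# Added example of a keepalived vrrp_script health check (not the script from
# the original post). keepalived only evaluates the exit status:
# 0 = healthy (weight is added to the priority), anything else = failed.
# Assumptions: nginx serves http://127.0.0.1:80/ and its master process is
# literally named "nginx"; the URL can be overridden with NGINX_CHECK_URL.

URL="${NGINX_CHECK_URL:-http://127.0.0.1:80/}"

# Decide from the HTTP status code. A 5xx from a living nginx (backend down,
# broken config reload) should fail over exactly like a dead process, so only
# 2xx and 3xx count as healthy.
status_ok() {
    case "$1" in
        2[0-9][0-9]|3[0-9][0-9]) return 0 ;;
        *) return 1 ;;
    esac
}

# Fetch the status code; curl prints 000 when it cannot connect at all.
# -m 2 keeps one probe shorter than the 2 s "interval" in keepalived.conf,
# otherwise slow probes pile up on a struggling node.
probe() {
    code=$(curl -s -o /dev/null -m 2 -w '%{http_code}' "$URL") || code=000
    printf '%s\n' "$code"
}

check_nginx() {
    # a listening socket alone is not enough: also require the process itself
    pgrep -x nginx >/dev/null 2>&1 || return 1
    status_ok "$(probe)"
}

# Run the check only when executed as the script (which is what keepalived
# does); when the file is sourced, the functions stay callable for testing.
case "$0" in
    */nginx-check.sh|nginx-check.sh) check_nginx; exit $? ;;
esac
```

Because the configuration above runs the script as root with enable_script_security set, keepalived refuses to execute it unless /opt, /opt/scripts and the script itself are owned by root and not group- or world-writable (chown root:root, chmod 700 is the simple answer); otherwise it logs an "unsafe permissions" warning and the tracked script never contributes to the priority.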


Wireguard VPN Linux and iOS setup guide

Wireguard is open source software and a communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN, both client and server configuration are much simpler, and maintaining a PKI is not required: peers authenticate each other with static public keys. Performance-wise Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in the Debian 10 stable repos, so it is required to enable backports to install it: …


LUKS-encrypted TGT iSCSI target and initiator

After the CentOS fiasco (good job Redhat/IBM), and since we are more or less in lockdown, I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7-based, is used as an iSCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …


Siemens IOT2050

A few weeks ago Siemens released a much needed upgrade of the IOT2000 platform; the newcomer is called IOT2050 and is a huge step forward compared to the very underpowered IOT2040. I have had one lying on my desk for a few days but only found the time to play with it today. Other than the new hardware, the officially supported operating system also changed from Yocto Linux to Debian Buster (kudos for dropping Yocto). …


Zabbix and XMPP alerts

Zabbix should theoretically be able to send alerts via XMPP out of the box. For some reason this functionality does not work as intended; luckily it is possible to specify a custom script to send alerts. Combining such a script with the Perl tool sendxmpp is the easiest way to let Zabbix send notifications via XMPP. $ yum install sendxmpp Create a bash script, this will be invoked by Zabbix to send notifications: …
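The script itself is cut off in the excerpt above; what follows is an added example of such an alert script wrapping sendxmpp, not the script from the original post. It assumes the media type is of type "Script" and passes {ALERT.SENDTO} {ALERT.SUBJECT} {ALERT.MESSAGE} as its three parameters, in that order, and that sendxmpp reads the sending account from the ~/.sendxmpprc of the zabbix user, so no credentials live in the script. The recipient comes from a Zabbix user's media settings, i.e. from anybody allowed to edit users, so it is validated before it is handed to sendxmpp.

```shell
#!/bin/sh
# /usr/lib/zabbix/alertscripts/zabbix-xmpp.sh
# Added example of a Zabbix alert script around sendxmpp (not the script from
# the original post). Assumptions: the media type is of type "Script" with the
# parameters {ALERT.SENDTO} {ALERT.SUBJECT} {ALERT.MESSAGE} in that order, and
# sendxmpp takes the sending account from ~/.sendxmpprc of the zabbix user
# (username;password), so no credentials are kept in this file.

# The recipient is whatever an admin typed into a user's media settings.
# Accept only something that looks like a bare JID (local@domain, optional
# /resource) built from a conservative character allowlist, so a stray value
# can neither be parsed by sendxmpp as an option nor surprise the shell.
valid_jid() {
    case "$1" in
        -*) return 1 ;;                          # would be taken as an option
        *[!A-Za-z0-9._@/+-]*) return 1 ;;        # anything outside the allowlist
        ?*@?*.?*) return 0 ;;                    # local@host.domain[/resource]
        *) return 1 ;;
    esac
}

# sendxmpp reads the body on stdin, takes the subject via -s and the recipient
# JID as its argument; -t forces TLS towards the XMPP server.
send_xmpp() {
    to="$1"; subject="$2"; body="$3"
    valid_jid "$to" || { echo "refusing recipient: $to" >&2; return 2; }
    printf '%s\n' "$body" | sendxmpp -t -s "$subject" "$to"
}

# Run only when executed as the script (as Zabbix does); when sourced, the
# functions stay callable for testing.
case "$0" in
    */zabbix-xmpp.sh|zabbix-xmpp.sh) send_xmpp "$1" "$2" "$3" ;;
esac
```

Drop the script into the directory named by AlertScriptsPath in zabbix_server.conf, make it executable for the zabbix user, and keep ~/.sendxmpprc readable by that user only (sendxmpp refuses a world-readable file). A non-zero exit status is shown by Zabbix in the action log, so the "refusing recipient" message also makes a mistyped JID visible.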
