Preface: this is the poor’s man way of hooking up Suricata IDS to Mikrotik any router. Better ways would be using port mirroring or putting Suricata host directly in front of the router. My goal was to have all network traffic coming and going from internet mirrored into the suricata virtual machine. Network schema is the following: (internet) <-> routeros <-> debian_hypervisor <-> (linux bridge) <-> Suricata_VM There are few ways of doing this, the one which is in my opinion the lesser evil involves: …

Shockingly enough out of the box Zabbix (version 6) does not include any template to monitor a very crucial compontent every organization: DNS. Like most open source aficionado my DNS of choice is BIND named. Luckily Zabbix has a pretty huge community and plenty of templates for it are freely available, a quick search on the interwebz lead me to this page. Kudos to whoever wrote this template, I just took it and tweaked it a little bit. …

By default on every Linux distro after installing QEMU and libvirt two kinds of networking are available: NAT: VM sits behind a NAT. MACVTAP: without going into much details it acts more or less like a bridged network, except not really. One of the most annoying limitations is that host to guest communication and vice versa are not really working well. Other important things might be broken as well, like for example VRRP. …

Keepalived is a routing software written in C that can be used to setup load balancing and high availiability for Linux machines. NOTE: hypervisor is Debian 10 (Buster) with libvirt and qemu/kvm, virtual machines also are Debian 10 (Buster). Keepalived configuration Install keepalived: $ apt install keepalived Install nginx, it will be use to check that keepalived is actually working: $ apt install nginx $ systemctl enable --now nginx Configure keepalived: …

Wireguard is an open source software and communication protocol which aims to provide a simpler and safer alternative to OpenVPN. Compared to OpenVPN both client and server configuration are much simpler and mantaining a PKI is also not required. Performance wise Wireguard is also faster than OpenVPN. SERVER: Debian 10 (Codename Buster) As of today Wireguard is not included in Debian 10 stable repos, so it is required to enable backports to install it: …

After the CentOS fiasco (good job Redhat/IBM) and since we are more or less in lockdown I decided to invest a couple of days to migrate my home infra from CentOS 7 to Debian 10. One of my physical machines, which was also CentOS 7 based, is used as ISCSI target. Debian 10 - Server A.K.A. Target Install the required packages: $ sudo apt-get install tgt dkms Create a device backstore: …

A few weeks ago Siemens released a very much needed upgrade of the IOT2000 platform; the newcomer is called IOT2050 and is a huge step forward compared to the very very underpowered IOT2040. I have had one for a few days laying on my desk but I just found the time to play with it today. Other than the new hardware, the officially supported operating system also changed from Yocto Linux to Debian Buster (kudos for dropping Yocto). …

Zabbix should theoretically be able out of the box to send alerts via XMPP. For some reason this functionality does not work as intended, luckily it is possible to specify a custom script to send alerts; combining the aforementioned script with the Perl library sendxmpp is the easiest way to enable Zabbix from sending notifications via XMPP. $ yum install sendxmpp Create a bash script, this will be invoked by Zabbix to send notifications: …