Menu Close

Moloch Upgrade

Moloch Upgrade

  • Authors: Tomáš Mokoš, Miroslav Kohútik

Upgrading Moloch to the latest version is not possible from all versions. Some older versions require installation of newer versions in an exact order.

Upgrading to Moloch 1.1.0

The oldest version of Moloch we have had in active use was version 0.50.
Upgrading Moloch from version 0.50 to version 1.0 and higher requires reindexing of all session data due to the large changes introduced in version 1.0. Reindexing is done in the background after upgrading, so there is little downtime before the server is back online.

Server monitoring with Elastic Stack

Server monitoring with Elastic Stack

  • Author: Miroslav Kohútik
  • Elastic Stack Version: 6.7.0
  • Operating system : Ubuntu 16.04

Elastic stack is a group of products from the Elastic company built around the Elasticsearch database designed to process data from any type of source.

In this article we will show you how to monitor the state of the Elasticsearch service and server load using the Elastic Stack services.

Installation of Scirius CE

Installation of Scirius CE

  • Author: Miroslav Kohútik
  • Operating system : Ubuntu 16.04

Scirius Community Edition is a web interface dedicated to Suricata ruleset management. It handles the rules file and updates of the associated files.

This guide will walk you through the installation of Scirius Community Edition on Ubuntu 16.04 operating system.
Before proceeding with installation of Scirius CE, you need to have IDS Suricata installed. Installation guide for Suricata can be found here.

Installation of Zabbix 4.0

Installation of Zabbix 4.0

  • Author: Miroslav Kohútik
  • Operating system : Ubuntu 16.04

This guide describes the individual steps of the installation process of Zabbix version 4.0 on Ubuntu 16.04 operating system.

Zabbix is a free open-source monitoring software. Zabbix provides monitoring of many metrics about the state of the administered network and its devices and services (including virtual machines).

Running Fortigate FW VM inside of GNS3

In this post we describe how to run Fortigate FW VM appliance inside of the GNS3 (local or remote).

Prerequisities and environment

  • GNS3
    • In my case of version 2.1.1 running on a remote linux server (physical HW, not GSN3 VM).
    Fortigate VM Image for KVM
    • In my case FortiGate for KVM platform Version 6.2.
    • Download from HERE using Fortigate.ONE account (may create for free).
    GNS3 Fortigate Appliance

    Note: FortiGate VM evaluation license

    FortiGate VM includes a limited embedded 15-day trial license that supports:

Multi tabbed, multi execution telnet/ssh client

Working on our practical networking lessons our students and we, as their teachers, we usually configure several routers and switches (sometimes up to ten), which are accessible remotely. For this we welcome the use of multi tabbed and especially multi exection clients.

It allows to eficiently organize working space and run commands in one task on all connected network equipments (for example to save running config).

Installation of Suricata


Installation and basic setup of Suricata

First, add the latest stable Suricata repository to APT:

sudo add-apt-repository ppa:oisf/suricata-stable
sudo apt-get update

Now you can either install Suricata with:

sudo apt-get install suricata 

or the Suricata package with built-in (enabled) debugging

sudo apt-get install suricata-dbg

Basic setup

Start with creating a directory for Suricata’s log information.

sudo mkdir /var/log/suricata

To prepare the system for using it, enter:

sudo mkdir /etc/suricata

The next step is to copy classification.config, reference.config and suricata.yaml from the base build/installation directory (ex. from git it will be the oisf directory) to the /etc/suricata directory. Do so by entering the following:

sudo cp classification.config /etc/suricata
sudo cp reference.config /etc/suricata
sudo cp suricata.yaml /etc/suricata

Auto setup

You can also use the available auto setup features of Suricata:

The make install-conf option will do the regular “make install” and then automatically create/setup all the necessary directories and suricata.yaml.

 ./configure && make && make install-conf

The make install-rules option will do the regular “make install” and it automatically downloads and sets up the latest ruleset from Emerging Threats available for Suricata.

./configure && make && make install-rules

The make install-full option combines everything mentioned above (install-conf and install-rules) – and will present you with a ready to run (configured and set up) Suricata

./configure && make && make install-full

Source:

Suricata – Ubuntu installation

Setup Kodi to use Tvheadend backend

If you have working Tvheadend backend available, you can use Kodi as a frontend to watch live TV channels or browse EPG and setup and watch TV recordings.

This guide assumes, that the Kodi is already installed. You can obtain Kodi for Windows/macOS/Linux using the official Kodi webpage: https://kodi.tv/download For Raspberry Pi, we recommend using LibreELEC distribution available at: https://libreelec.tv/downloads_new

Tclsh script examples: how to generate router loop interfaces with IPv4 addresses

This example shows how to generate 254 loop interfaces with assigned ipv4 addresses 172.16.0.1/24 up to 172.16.255.1/24. The code is:

enable
tclsh
for {set i 0} {$i < 256} {incr i} {
ios_config "int loop $i" "ip address 172.16.$i.1 255.255.255.0"
}
ios_config "end"
tclquit

and you may just simply copy and paste it into a Cisco router CLI. Therefore first run tclsh within of privileged EXEC mode