Tag Archives: opensource

Suricata rule management using Oinkmaster

It is possible to download and install rules manually, but there is a much easier and quicker way: dedicated rule-management tools such as Pulled Pork and Oinkmaster can download and install rules for you. Here I’m going to show how to install and use Oinkmaster.

To install Oinkmaster, enter:

sudo apt-get install oinkmaster

Several rulesets are available: Emerging Threats (ET), ET Pro and VRT. In this example we use the ET Free edition.

Oinkmaster needs to know where these rules can be found. They are available at:
http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

To configure the rules location, open oinkmaster.conf and add the URL as shown below:

sudo nano /etc/oinkmaster.conf

Then add this line:
url = http://rules.emergingthreats.net/open/suricata/emerging.rules.tar.gz

The new rules directory contains two files, classification.config and reference.config. The paths of both need to be added to the suricata.yaml file. Open it:

sudo nano /etc/suricata/suricata.yaml

Add these lines:

classification-file: /etc/suricata/rules/classification.config
reference-config-file: /etc/suricata/rules/reference.config

Now run Oinkmaster:

sudo oinkmaster -C /etc/oinkmaster.conf -o /etc/suricata/rules

The rules are now located in /etc/suricata/rules.
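
A post-update check for the setup described above, added here as an example (it is not part of the original post): it confirms that the two paths set in suricata.yaml exist and that the rule directory holds at least one non-empty .rules file before Suricata is restarted. The helper names `yaml_value` and `check_rule_setup` are hypothetical.

```shell
#!/bin/sh
# Added example: sanity-check the rule setup after an Oinkmaster run.
# yaml_value and check_rule_setup are hypothetical helpers, not part of
# Oinkmaster or Suricata.

# Print the value of a top-level "key: value" line, minus trailing comments.
yaml_value() {
    sed -n "s/^$1:[[:space:]]*//p" "$2" |
        sed 's/[[:space:]]*#.*$//; s/[[:space:]]*$//' | head -n 1
}

# Return 0 when suricata.yaml ($1) and the rule directory ($2) are consistent;
# otherwise print each problem found and return 1.
check_rule_setup() {
    yaml=$1
    rules_dir=$2
    status=0

    for key in classification-file reference-config-file; do
        path=$(yaml_value "$key" "$yaml")
        if [ -z "$path" ]; then
            echo "missing key in $yaml: $key"
            status=1
        elif [ ! -s "$path" ]; then
            echo "$key points to a missing or empty file: $path"
            status=1
        fi
    done

    # Oinkmaster should have left at least one non-empty *.rules file.
    found=0
    for f in "$rules_dir"/*.rules; do
        if [ -s "$f" ]; then found=1; break; fi
    done
    if [ "$found" -eq 0 ]; then
        echo "no non-empty .rules files in $rules_dir"
        status=1
    fi
    return "$status"
}

# Typical use (paths from the post); suricata -T only tests the configuration:
#   check_rule_setup /etc/suricata/suricata.yaml /etc/suricata/rules &&
#       sudo suricata -T -c /etc/suricata/suricata.yaml
```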

  • https://redmine.openinfosecfoundation.org/projects/suricata/wiki/Rule_Management_with_Oinkmaster
  • https://web.nsrc.org/workshops/2015/pacnog17-ws/raw-attachment/wiki/Track2Agenda/ex-suricata-rules.htm

Python Error – ImportError: No module named pkg_resources

There was one time I tried to install some Python package via pip install requirement, but I encountered an error like this:

    from pkg_resources import load_entry_point
ImportError: No module named pkg_resources

To fix the issue, run the setup script for setuptools:

wget https://bitbucket.org/pypa/setuptools/raw/bootstrap/ez_setup.py -O - | python

Yeah, it solved my problem. Probably. XD

Credit:
http://stackoverflow.com/questions/7446187/no-module-named-pkg-resources

Fix Locale problem on Ubuntu

Recently, I have been seeing this kind of error quite frequently. At first I thought that it was nothing.
But eventually it started bothering me whenever I saw the error message :p

Jul  6 15:18:01 lel CRON[25571]: pam_env(cron:session): Unable to open env file: /etc/default/locale: No such file or directory
Jul 6 15:31:50 lel sshd[29217]: pam_env(sshd:session): Unable to open env file: /etc/default/locale: No such file or directory

So, here is the solution to this problem.
First, run this command:

sudo update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8

It updates /etc/default/locale with provided values.

If you look at the /etc/default/locale file, it shows something like this:

#  File generated by update-locale
LANG=en_US.UTF-8
LC_ALL=en_US.UTF-8

If the problem still occurs, try this first before running the command above again:

sudo locale-gen en_US.UTF-8
sudo dpkg-reconfigure locales

Credit:
http://askubuntu.com/questions/162391/how-do-i-fix-my-locale-issue/505424#505424

SNMP Cannot Find Module on Ubuntu 14.04

If you encounter an error like this:

Cannot find module (SNMPv2-MIB): At line 0 in (none)
Cannot find module (SNMPv2-SMI): At line 0 in (none)
Cannot find module (SNMP-NOTIFICATION-MIB): At line 0 in (none)
Cannot find module (SNMPv2-TM): At line 0 in (none)

Then we are on the same path: the path where we search for answers. XD
So, here is the solution to this error.

First, edit the sources.list file:

sudo vi /etc/apt/sources.list

Add this line to the end of the file:

deb http://fr.archive.ubuntu.com/ubuntu precise main multiverse

Use :w to save and :q to exit the vi editor.

Then, install these packages:

sudo apt-get install snmpd snmp-mibs-downloader

And then run this:

sudo download-mibs

Voila! Done. Hope it helps. 🙂

Ubuntu – Authentication token manipulation error

Authentication token manipulation error on Ubuntu

Recently, I forgot the “root” password for my Ubuntu (duh!). So I tried to change my “root” password by selecting recovery mode on the GRUB menu and dropping into a root shell prompt.

Everything worked perfectly until I tried to change the password. The picture above is what I got when I tried to change the password. 🙁

So, to solve this, just run this on the prompt:

mount -rw -o remount /

Anddddd… Walla! Try to reset the password again and it works! 🙂

Hash sum mismatch error on Ubuntu

I think most of you will encounter this kind of problem if you are using a previous version of Ubuntu.

W: Failed to fetch gzip:/var/lib/apt/lists/partial/us.archive.ubuntu.com_ubuntu_dists_natty_main_source_Sources  Hash Sum mismatch, 
E: Some index files failed to download. They have been ignored, or old ones used instead.

The solution is to remove the contents of the /var/lib/apt/lists directory:

sudo rm /var/lib/apt/lists/*

Then run:

sudo apt-get update

Credit to askubuntu.com

WordPress HTTP error on image upload (Nginx)

HTTP Error during image upload on wordpress

Recently, I’ve encountered this kind of problem. Maybe because it has been a while since I uploaded any images to my posts :p

Anyway, if you run into this kind of error and are using Nginx as your web server, here is how to solve it.

Add:

client_max_body_size 100m;

to your nginx .conf file.

For example, mine looks something like this:

server {
        listen 80;
        root /usr/share/nginx/www;
        index index.php index.html index.htm;
#
        fastcgi_buffers 8 16k;
        fastcgi_buffer_size 32k;
        fastcgi_read_timeout 180;
        # Allow request bodies (uploads) of up to 100 MB
        client_max_body_size 100m;
#
        location / {
                # ... rest of the configuration unchanged ...
        }
}

Hope it helps. 🙂

Credit to aaronjholbrook

Disable IPv6 on Ubuntu

If you want to disable IPv6 on your server, below are the steps to do it.

  1. Edit this file:
     sudo nano /etc/sysctl.conf
  2. Add these lines to the bottom of the file:
     net.ipv6.conf.all.disable_ipv6 = 1
     net.ipv6.conf.default.disable_ipv6 = 1
     net.ipv6.conf.lo.disable_ipv6 = 1
  3. Run this command on your terminal:
     sudo sysctl -p

Done!

Enable graphical root login on ubuntu 12.04

In Ubuntu, the “root” user does not show up as an option at the login screen, so you need to adjust Ubuntu to allow logging in as “root”.

Run the commands below in your terminal (as a normal user with sudo):

sudo passwd root
sudo sh -c 'echo "greeter-show-manual-login=true" >> /etc/lightdm/lightdm.conf'

Reboot, and you should then be able to log in as root using the graphical login.