The Raspberry Pi units are small and don’t use much power. If you have one or two to spare, why not use them to explore the sweet smell of honeypots?
First of all, a warning: Even though honeypot software is usually isolated from the underlying operating system, bugs do exist and accidents can happen. You should not run any other services on a system hosting honeypot software.
I would not recommend running an unattended ... [continue reading]
Modern file systems, and even storage systems, might have built-in deduplication, but common file systems still do not. So checking for redundant data and do deduplication when possible might save disk space.
Once up on a a time, there was a system, were we had this 6TB spool of binary files on an production ext4 file-system, and the volume was running out of disk space. The owner of the data thought it likely that there were duplicates in the vast ... [continue reading]
Monitoring Java applications can be a painful operation that often require lots of configuration, with technologies like byte code instrumentation and JMX, you can literally have thousands of Metrics to choose from just from a single Java application. This post will talk about JMole which has good sensible defaults that makes monitoring java applications much less painful.
JMole is an excellent monitoring client framework for gathering data dynamically from various Java MBeans (Java 6 and higher). It consists of a ... [continue reading]
A firewall activity plot for showing port access. The temptation was just a bit too great to ignore, so I chose to see it as a canvas for artwork. All I should need to do is to convert a PNG image to series of nmap commands, easy right?
First off, lets determine the actual size of the canvas – I mean plot. The graph area is 1040x417 pixels, but since the graph is logarithmic, ... [continue reading]
For some time now, I’ve been graphing all unsolicited network traffic destined for my network. For instance, it’s quite useful for detecting slow scans, which will show up as the diagonally aligned green scatter points in this plot (click to zoom):
Other scans and probes often happen faster, when the attacker isn’t much concerned about being detected. These will appear in the ... [continue reading]
This is the second of three posts about Elastic Stack.
The Elastic Stack service is available to anyone who can reach it by default. This allows you to choose your security level and tools to provide it.
A simple search on Shodan for Kibana or Elasticsearch will quickly reveal that many do not secured their logs. I hope this post will encourage you to do so.
One efficient way to increase security is to place Elasticsearch and Kibana ... [continue reading]
For cattle purposes, it makes sense to follow a build-once-run-many principle. This is what we prefer for the machines powering our infrastructure. The current build method for deployments uses the tool-chain from the virt-manager project to achieve this.
The combination of virt-install(1) and virt-builder(1) provides a layered approach for generating disk-images. Those images can then be used as a base for constructing images for the different environments that we support:
bash has many things that just works automagically. Did you know it has a built-in pseudo-random number generator? Let’s play games!
Before continuing, note that this is pseudo-randomization with a small footprint. DO NOT use it for security, scrambling, passwords, or anything even scarcely security related.
The random function in bash is called by the magic variable RANDOM. It gives you a more or ... [continue reading]
As mentioned in a previous blog entry, this site is deployed to an S3 website bucket when the Git master branch receives a push. I will here explain how we created and configured the website bucket in question, as well as explain the varnish configuration in front of it.
The S3 storage we use is Ceph with a S3-compatible Ceph Object Gateway (radosgw) interface, but the process should work for any S3 compatible storage with website-bucket functionality.
In this ... [continue reading]
It’s easy to get lost in Windows large event logs and log files during troubleshooting, here to help are PowerShell cmdlets Get-EventLog and Get-Content.
These cmdlets shows PowerShell’s strength comparing to the built-in GUI-tools in Windows. Let’s start with cmdlet Get-EventLog to get some information from an event log. Examples below is how I often work with these cmdlets when searching for logged events on hosts.
Start PowerShell from a command prompt by typing ... [continue reading]
