Finding the OS of a Linux system in bash script

Introduction

Sometimes, you need to figure out what type of system you’re running on during a script. A really good example of this is when interfacing with yum or apt, or adding selinux configurations. This can be difficult :/ Enter /etc/os-release, a really handy file that can be included into any shell script with `. /etc/os-release` (or, in a bash script, `source /etc/os-release`) to determine common OS attributes. Information such as the distribution name, version and URLs to maintainers can be found in here, hurray!

Creating a Honeypot Network: It's time to plan

Introduction

How cool would it be to have access to a vast collection of honeypots, collecting statistics on attack trends, new techniques and targeted hot spots! Imagine if you could be like, oh daymm, that new PulseVPN vulnerability is pretty bad, I wonder if it’s being actively exploited? Let’s see… `curl https://securitynotsupported.com/honeypot/deploy?type=pulsevpn?location=china,london,washington` … waits 3 days… Huh, yea it is. Neat! I’ve started a project called HoneypotDB; the plan is to build a global network of VMs hosting a range of honeypot types, as well as some specific honeypots for newly released exploits and vulnerabilities like BlueKeep or web application exploits.

Make your own SSL TLS X.509 Certificate Authority and Certificate generation script

We all know encryption is super important, especially when data is traversing your network, but sometimes it can get messy generating self-signed certificates for all your applications and servers. Cert tracking and management is a pain and it just looks a bit shit. Enter OpenSSL, a nifty package that allows you to do pretty much anything SSL/TLS, including making and managing your own X.509 Certificate Authority! Pretty cool right?

Sending Wazuh alerts to TheHive with elastAlert

Psst, there is a new version of this post! Check out my latest revision of this script in a later post that uses Python!

Introduction

Wazuh is a really neat host-based IDS, originally forked from OSSEC and tailored to more easily tie in with Filebeat and Elasticsearch. More on Wazuh can be found here: https://wazuh.com/. Alerts generated by Wazuh can be sent out as email by Wazuh itself, but it can be hard to track, manage and respond to alerts via plain old email.