Shell scripts for Security Onion manager node
For some reason a rebooted Security Onion manager node is perceived as a combined manager-search node (this is my hypothesis), filling up the /nsm filesystem with unnecessary, large amounts of data. Here are four shell scripts I find useful.
Adventures in NetBSD/amd64 10.0
When the harddrives in the oldest virtualization server at $WORK died, I was virtually left without any test systems running the other BSDs and some select Linux distros. We have another virtualization server with plenty of resources, and I decided to try NetBSD/amd64 10.0-RELEASE, build a few packages, and upgrade the VM to 10.0-STABLE.
Autodesk 2025 products
Autodesk recently published the 2025 editions of their products. The most notable change this time, with the exception of 3ds Max 2025, is that the file numbered 001_002 is a short .exe file, while the file numbered 002_002 is a complete 7-Zip archive.
Hardening OpenSSH 9.6/9.7 in FreeBSD
While following the suggestions of https://github.com/jtesta/ssh-audit/wiki/FreeBSD and security/py-ssh-audit 3.2.0, I figured it’s better to make adjustments to the startup script in libexec/rc/rc.d/sshd.
FHD and 8×16 font for FreeBSD guests in VirtualBox
I decided to play with FreeBSD 13.3-RC1 in VirtualBox. My display is capable of 1920×1200, and we must specify this both in the VirtualBox XML file for the guest and in the guest’s /boot/loader.conf. The font specification goes in the latter file.
Security Onion 2.4.40 and so-elastalert running on the manager
We upgraded our Security Onion nodes today. We really had no choice. I was surprised to see the so-elastalert container normally running on the manager being unable to start. I happened to glance at the release notes, and tried the commands suggested there. Suffice it to say, I got nowhere.
KB5034441 and new Microsoft Windows 10 setups
In the aftermath of KB5034441, I experimented with creating a 1 GiB Windows Recovery Partition on a new Microsoft Windows 10 VM, ensuring enough free space for KB5034441 and hopefully any later versions of the “Windows Recovery Environment.”
Security Onion 2.4.30, Zeek 6.0.2, and single IPv4 address in $HOME_NET
If Zeek on your forward node (sensor) keeps restarting and its detailed status never changes from “health: starting” to simply “healthy,” have a look at zeek.config.networks.HOME_NET in the Grid Configuration.
Cisco Catalyst 9600 and fixed wire speeds
If you connect your Cisco Catalyst 9600 to equipment using fixed wire speeds, you may need to issue the speed nonegotiate command on affected switchports.
netdata 1.42.2 and run as user = netdata
netdata was recently updated to 1.42.2 in the FreeBSD ports collection. The sample configuration file needs some adjustment.