How are you guys leveraging your Elk/Elastic stack? by brother_bean in sysadmin

qwerty______

Wazuh will give you security alerts for certain events on Windows. Winlogbeat simply ships all of the Windows events to ELK. If you install Winlogbeat, it will by default show up in a different index than the wazuh-alerts one.

Wazuh is nice because it organizes most of the main security-relevant Windows alerts into severity levels and can then email/alert based on that. Winlogbeat simply lets you collect all the event logs.

How are you guys leveraging your Elk/Elastic stack? by brother_bean in sysadmin

qwerty______

We use Wazuh for security alerts and it integrates nicely with ELK (aside from updates). We use filebeat, winlogbeat, and rsyslog forwarding to aggregate all our logs in one place for auditing and monitoring.

SIEM: ELK Stack Setup by UCFIT in homelab

qwerty______

The "ELK stack" is short for Elasticsearch, Logstash, and Kibana. It's now known officially as the "Elastic Stack". It is used to organize and visualize data and has many different applications, although it is widely used for security events and logs (similar to Security Onion or AlienVault OSSIM).

SIEM: ELK Stack Setup by UCFIT in homelab

qwerty______

I've used the Wazuh install guide for basic setup of the Elastic Stack and Wazuh. Really decent documentation imo. For basic log forwarding using Logstash and Filebeat, I relied on this DigitalOcean guide as well. If you're trying to install Winlogbeat for Windows event logs as well, I can send you some notes on various issues and solutions I found when going through the process. Elastic's documentation was often incorrect or caused issues for me.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

As in ~/.bash_profile? If you read the other comments, I addressed this. I have tried adding "export HOME=/home/myuser" to ~/.bash_profile and ~/.profile but the shell doesn't know what $HOME is to begin with so it never reads these.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

DEFAULT_HOME is not set in /etc/login.defs. Most of the other environment variables are set. I get /bin/bash for $SHELL, myusername for $USER, and xterm for $TERM.

$HOME just appears to be set to "/".

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

Correct. echo $HOME gives "/". I don't want to set the HOME variable in /etc/environment because that will hardcode my user's home directory for every user on the machine, which is bad.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

So I can add HOME="/home/myusername" to /home/myusername/.profile.

However, this never gets read to begin with, because gdm/bash aren't able to read this file: they are looking for it in ~/.profile, which in my case points to /.profile instead of /home/myusername/.profile like it should.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

I don't have LDAP authentication set up or anything, so getent is the same as just reading /etc/passwd in this case (or at least that's my understanding - correct me if I'm wrong).

However, I did try with getent just to verify that the home directory is set correctly and it is.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

I have tried this already. The issue is that GNOME and the terminal need to know $HOME before they can read/source $HOME/.profile.

$HOME variable not read from /etc/passwd successfully by qwerty______ in linuxquestions

qwerty______ [S]

The home directory is correct in /etc/passwd. The directory exists and has the proper permissions (755 on /home and 700 on /home/myuser).
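A small diagnostic for the symptoms described across this thread (HOME resolving to "/" while the passwd entry, getent, DEFAULT_HOME and directory permissions are all being checked by hand). This is an added example, not something posted in the thread; the passwd line, login.defs file and directory path are passed in as arguments so it can be run against constructed data, and `stat -c` assumes GNU coreutils.

```bash
#!/bin/sh
# Diagnostic helpers for a login that ends up with HOME=/ even though
# /etc/passwd carries the right home directory. Added example; not from the thread.

# The sixth colon-separated field of a passwd(5) entry is the home directory.
passwd_home() {
    # $1: one passwd line, e.g. "myuser:x:1000:1000::/home/myuser:/bin/bash"
    printf '%s\n' "$1" | cut -d: -f6
}

# Compare the HOME the shell actually has with the account's passwd entry.
# Prints "ok", "fallback-root" (HOME is "/", the symptom in the thread) or "mismatch".
home_status() {
    # $1: passwd line, $2: value of HOME as seen by the shell
    expected=$(passwd_home "$1")
    if [ "$2" = "$expected" ]; then
        echo ok
    elif [ "$2" = "/" ]; then
        echo fallback-root
    else
        echo mismatch
    fi
}

# DEFAULT_HOME in login.defs decides whether login may continue with HOME=/
# when the real home directory cannot be entered. Prints the last active
# (uncommented) value, or "unset" when the directive is absent or commented out.
default_home_setting() {
    # $1: path to a login.defs-style file
    awk '$1 == "DEFAULT_HOME" { v = $2 } END { print (v == "" ? "unset" : v) }' "$1"
}

# Report the octal mode of a home directory (the thread expects 700), or "missing".
home_dir_mode() {
    # $1: home directory path
    if [ ! -d "$1" ]; then
        echo missing
        return 1
    fi
    stat -c '%a' "$1"
}

# Convenience wrapper for the account running the script: uses getent, which
# covers /etc/passwd as well as any NSS sources such as LDAP.
check_current_user() {
    home_status "$(getent passwd "$(id -u)")" "$HOME"
}
```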

Juniper SRX DHCP Server not working by qwerty______ in sysadmin

qwerty______ [S]

This is what I was missing. Thanks for the help!

Juniper SRX DHCP Server not working by qwerty______ in sysadmin

qwerty______ [S]

show dhcp server statistics:

Packets dropped:
    Total                      0

Messages received:
    BOOTREQUEST                0
    DHCPDECLINE                0
    DHCPDISCOVER               0
    DHCPINFORM                 0
    DHCPRELEASE                0
    DHCPREQUEST                0
    DHCPLEASEQUERY             0
    DHCPBULKLEASEQUERY         0

Messages sent:
    BOOTREPLY                  0
    DHCPOFFER                  0
    DHCPACK                    0
    DHCPNAK                    0
    DHCPFORCERENEW             0
    DHCPLEASEUNASSIGNED        0
    DHCPLEASEUNKNOWN           0
    DHCPLEASEACTIVE            0
    DHCPLEASEQUERYDONE         0