Archive for the ‘Uncategorized’ Category

removing centos 8 old kernel/s
December 20, 2019
dnf remove $(rpm -qa | awk '/^kernel/' | grep -v $(uname -r))

Installing Snort on CentOS7
July 18, 2019
yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump wget
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y libnghttp2 daq
yum -y install https://www.snort.org/downloads/snort/snort-2.9.13-1.centos7.x86_64.rpm
ldconfig; mkdir /usr/local/lib/snort_dynamicrules
chmod -R 5775 /etc/snort; chmod -R 5775 /var/log/snort; chmod -R 5775 /usr/local/lib/snort_dynamicrules
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules /etc/snort/rules/local.rules
wget "https://www.snort.org/rules/snortrules-snapshot-29140.tar.gz?oinkcode=9e71199b974cd3ff84c0ae2482d97758eab55363" -O ~/registered.tar.gz
tar -xvf ~/registered.tar.gz -C /etc/snort
vi /etc/snort/snort.conf
# Setup the network addresses you are protecting
ipvar HOME_NET [172.20.0.0/20,172.20.16.0/23,172.20.32.0/20,192.168.20.0/24]
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types
vi /etc/sysconfig/snort
ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
nmtui
nmcli
snort -T -c /etc/snort/snort.conf
systemctl enable snortd
systemctl start snortd
yum -y install setroubleshoot setools
sealert -a /var/log/audit/audit.log
ausearch -c 'snort' --raw | audit2allow -M my-snort
semodule -i my-snort.pp
systemctl stop snortd
systemctl start snortd
ps xa | grep snort
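Added example, not part of the original post: a pre-flight check for the snort.conf values edited above, meant to be run before `snort -T`. It assumes absolute paths as used in this post; the function name check_snort_conf is hypothetical and not part of Snort.

```shell
#!/bin/sh
# Added example: pre-flight check for the snort.conf values edited above.
# check_snort_conf is a hypothetical helper name, not part of Snort.
check_snort_conf() {
    conf=$1
    rc=0
    [ -r "$conf" ] || { echo "cannot read $conf" >&2; return 2; }

    # Last uncommented value of a "<keyword> <name> <value>" line.
    conf_value() {
        awk -v k="$1" -v n="$2" '$1 == k && $2 == n { v = $3 } END { print v }' "$conf"
    }

    # HOME_NET still at the shipped default "any" means nothing was scoped.
    case $(conf_value ipvar HOME_NET) in
        ''|any) echo "HOME_NET is unset or 'any'" >&2; rc=1 ;;
    esac

    # Every absolute directory named by a "var *_PATH" line must exist.
    for dir in $(awk '$1 == "var" && $2 ~ /_PATH$/ && $3 ~ /^\// { print $3 }' "$conf"); do
        [ -d "$dir" ] || { echo "missing directory: $dir" >&2; rc=1; }
    done

    # The list files created with touch must be in the configured list paths.
    wl=$(conf_value var WHITE_LIST_PATH)
    bl=$(conf_value var BLACK_LIST_PATH)
    [ -f "$wl/white_list.rules" ] || { echo "missing $wl/white_list.rules" >&2; rc=1; }
    [ -f "$bl/black_list.rules" ] || { echo "missing $bl/black_list.rules" >&2; rc=1; }

    return "$rc"
}

# Run the check when a config path is given, e.g. sh check.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then
    check_snort_conf "$1"
fi
```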

Screen sharing not working after 1809 update
February 5, 2019
I found the following registry entry is missing. You will need to run regedit as Administrator to add the entry.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters
When you get here, click on Parameters – do not expand list – look for the parameter, MaxUserPort
NOTE: This is not plural – make sure spelling is accurate.
If this is not defined, please add the following:
New DWORD
Enter the name: MaxUserPort
Hit Enter to Accept the name.
Right click on the new entry and select Modify
Select Decimal and enter 5000 as the value.
Hit OK to accept new value and exit the dialog.
(15000 was recommended to test with. Then I reduced to the default in my final implementation. The reference to default value I took from here:
Then Reboot your machine and give it a whirl!
Hope this helps!