Archive for the ‘Uncategorized’ Category

Installing Snort on CentOS7

July 18, 2019

yum install -y gcc flex bison zlib libpcap pcre libdnet tcpdump wget
yum install -y https://dl.fedoraproject.org/pub/epel/epel-release-latest-7.noarch.rpm
yum install -y libnghttp2 daq
yum -y install https://www.snort.org/downloads/snort/snort-2.9.13-1.centos7.x86_64.rpm
ldconfig; mkdir /usr/local/lib/snort_dynamicrules
chmod -R 5775 /etc/snort; chmod -R 5775 /var/log/snort; chmod -R 5775 /usr/local/lib/snort_dynamicrules
touch /etc/snort/rules/white_list.rules /etc/snort/rules/black_list.rules /etc/snort/rules/local.rules
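# The oinkcode is tied to your snort.org account; substitute your own. Quote the URL so the shell does not interpret the "?".
wget "https://www.snort.org/rules/snortrules-snapshot-29140.tar.gz?oinkcode=<your-oinkcode>" -O ~/registered.tar.gz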
tar -xvf ~/registered.tar.gz -C /etc/snort

vi /etc/snort/snort.conf
# Setup the network addresses you are protecting
ipvar HOME_NET [172.20.0.0/20,172.20.16.0/23,172.20.32.0/20,192.168.20.0/24]
var SO_RULE_PATH /etc/snort/so_rules
var PREPROC_RULE_PATH /etc/snort/preproc_rules
var WHITE_LIST_PATH /etc/snort/rules
var BLACK_LIST_PATH /etc/snort/rules
# unified2
# Recommended for most installs
output unified2: filename merged.log, limit 128, nostamp, mpls_event_types, vlan_event_types

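# Adjust the snortd service settings
vi /etc/sysconfig/snort
# Snort looks for libdnet.1; link it to the installed libdnet
ln -s /usr/lib64/libdnet.so.1.0.1 /usr/lib64/libdnet.1
# Configure and review the network interfaces
nmtui
nmcli
# Test the configuration, then enable and start the service
snort -T -c /etc/snort/snort.conf
systemctl enable snortd
systemctl start snortd
# If SELinux blocks snort, build and load a local policy module from the audit log
yum -y install setroubleshoot setools
sealert -a /var/log/audit/audit.log
ausearch -c 'snort' --raw | audit2allow -M my-snort
semodule -i my-snort.pp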
systemctl stop snortd
systemctl start snortd
ps xa | grep snort
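
The steps above create rule files and point the snort.conf path variables at directories before running snort -T. The script below is an added example, not part of the original post: it lists every directory and file the configuration refers to that does not exist yet. The function names, the optional ROOT argument and the handling of relative paths are assumptions of this example.

```sh
#!/bin/sh
# Added example: list the files and directories that snort.conf refers to
# but that do not exist, so they can be fixed before running `snort -T`.

# Print "d <dir>" for every `var *_PATH`, "f <file>" for every file named by an
# include/whitelist/blacklist line, and "u <name>" for an undefined variable.
resolve_snort_paths() {
    awk '
        $1 == "var" && $2 ~ /_PATH$/ { dir[$2] = $3; print "d", $3 }
        $1 == "include" || $1 == "whitelist" || $1 == "blacklist" {
            ref = $2; sub(/,$/, "", ref)          # reputation entries end in ","
            if (substr(ref, 1, 1) == "$") {       # $NAME/file -> <dir>/file
                i = index(ref, "/"); if (i == 0) i = length(ref) + 1
                name = substr(ref, 2, i - 2)
                if (!(name in dir)) { print "u", name; next }
                ref = dir[name] substr(ref, i)
            }
            print "f", ref
        }
    ' "$1"
}

# check_snort_paths CONF [ROOT]
# ROOT (hypothetical, for checking a staged copy) is prefixed to absolute
# paths; relative paths are taken relative to CONF's directory (assumption).
check_snort_paths() {
    conf=$1; root=${2:-}; base=$(dirname "$conf")
    resolve_snort_paths "$conf" | while read -r kind path; do
        case $kind in u) echo "undefined variable: \$$path"; continue ;; esac
        case $path in /*) full=$root$path ;; *) full=$base/$path ;; esac
        if [ "$kind" = d ] && [ ! -d "$full" ]; then
            echo "missing directory: $path"
        elif [ "$kind" = f ] && [ ! -f "$full" ]; then
            echo "missing file: $path"
        fi
    done
}

# Usage: sh check_snort_paths.sh /etc/snort/snort.conf
if [ "$#" -gt 0 ]; then check_snort_paths "$@"; fi
```

No output means every referenced path exists; commented-out include lines are ignored.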

Screen sharing not working after 1809 update

February 5, 2019

I found the following registry entry is missing. You will need to run regedit as Administrator to add the entry.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Tcpip\Parameters

When you get here, click on Parameters – do not expand list – look for the parameter, MaxUserPort

NOTE: This is not plural – make sure spelling is accurate.

If this is not defined, please add the following:

New DWORD

Enter the name: MaxUserPort

Hit Enter to Accept the name.

Right click on the new entry and select Modify

Select Decimal and enter 5000 as the value.

Hit OK to accept new value and exit the dialog.

(15000 was recommended to test with. Then I reduced it to the default in my final implementation. I took the reference for the default value from here:

https://support.microsoft.com/en-us/help/196271/when-you-try-to-connect-from-tcp-ports-greater-than-5000-you-receive-t)

Then reboot your machine and give it a whirl!

Hope this helps!

GoPro HJC FG-17 chin mount

May 2, 2016