Friday, April 21, 2023

Wednesday, August 12, 2020

Extend XFS Linux partition

Summary

  • Running CentOS 8 on VMware.

Steps

  • Increase the disk volume size in VMware
  • Reboot, or rescan the SCSI device so the kernel picks up the new size
    • ls /sys/class/scsi_device/
    • echo 1 > /sys/class/scsi_device/0\:0\:1\:0/device/rescan
  • SSH to the server
  • Run the following commands (note: the server's data disk is located at /dev/sdb)

yum install cloud-utils-growpart
growpart /dev/sdb 1
xfs_growfs -d /dev/sdb1

Thursday, February 13, 2020

Receive notifications on pfSense IPsec or OpenVPN connection/disconnection

A couple of scripts to receive notifications for IPsec or OpenVPN (dis)connections on your pfSense firewall. This was tested on a Netgate SG-5100 firewall running pfSense version 2.4.4-RELEASE-p3 (amd64).

https://github.com/ChadDevOps/pfsense-vpn-notifications

SSH

  • SSH to your pfSense firewall and upload the files to /root/
  • chmod 755 each uploaded file, so that the listing shows:
 4 -rwxr-xr-x   1 root  wheel   1999 Jul 17  2019 ipsec.php
 4 -rwxr-xr-x   1 root  wheel    198 Jul 17  2019 notify.php
 4 -rwxr-xr-x   1 root  wheel    308 Jul 17  2019 openvpnconnect.sh
 4 -rwxr-xr-x   1 root  wheel    498 Jul 17  2019 openvpndisconnect.sh

OpenVPN

For OpenVPN:
  • Log in to the GUI
  • VPN
  • Edit your OpenVPN Server
  • Under Advanced Configuration, Custom options, add the following line:
client-connect /root/openvpnconnect.sh;client-disconnect /root/openvpndisconnect.sh;

IPsec

Create a cron job that runs every minute or so. This will not give exact connect/disconnect times, only times accurate to within a 60-second window.
  • Log in to the GUI
  • Services
  • Cron
* * * * * root /usr/local/bin/php /root/ipsec.php > /dev/null 2>&1

Notifications

Set up your SMTP server. The files above use pfSense's PHP functions and send mail via the send_smtp_message function.
  • Log in to the GUI
  • System
  • Advanced
  • Notifications Tab

Wednesday, February 12, 2020

Tuesday, February 11, 2020

AWS Kibana Open Distro Alerting to MS Teams

MS Teams is a collaboration tool similar to Slack, and it comes free with Office 365 business subscriptions. Below is a query to update the Kibana alerting trigger message (that comes with Open Distro) to use the MS Teams message card.

Note, this will only update the first trigger. If anyone scripts this to update all triggers, please comment below.

Run the query from Kibana dev tools.

Friday, February 7, 2020

Ubuntu 18.04 Installing ClamAV with clamonacc

A quick guide to installing ClamAV with clamonacc on Ubuntu 18.04.

Note: This was installed on a Virtualmin server that already had ClamAV. The existing ClamAV was removed/purged via apt-get and reinstalled. clamd.conf reflects the settings needed for both Virtualmin and clamonacc.

Install clamav and mailx

sudo apt-get install -y bsd-mailx clamav clamav-base clamav-daemon clamav-docs clamav-freshclam

Create Quarantine Folder

mkdir /root/quarantine


Create the following files (see the gist files at the end of this post)
  • /etc/systemd/system/clamonacc.service
  • /etc/clamav/clamd.conf
  • /etc/clamav/detected.sh
Modify them as needed (paths, email addresses, settings, etc.)
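
A minimal /etc/clamav/detected.sh could look like the following. This is an added example, not the gist referenced by this post. It assumes clamd.conf contains "VirusEvent /etc/clamav/detected.sh", relies on the CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME variables that clamd exports to the handler, and uses a placeholder recipient in ALERT_TO.

```shell
#!/bin/sh
# Added example: VirusEvent handler for clamd (not the author's gist).
# Assumption: clamd.conf has   VirusEvent /etc/clamav/detected.sh
# clamd exports CLAM_VIRUSEVENT_FILENAME and CLAM_VIRUSEVENT_VIRUSNAME.

ALERT_TO="${ALERT_TO:-root@localhost}"   # placeholder recipient, change it

# The file name is chosen by whoever dropped the file, so treat it as
# untrusted: strip control characters (newlines included) and cap the
# length before it reaches a mail header, mail body or log line.
sanitize() {
    printf '%s' "$1" | LC_ALL=C tr -d '\000-\037\177' | cut -c1-200
}

# One-line subject built from the signature name and this host's name.
alert_subject() {
    printf 'ClamAV: %s found on %s' "$(sanitize "$1")" "$(uname -n)"
}

# Three-line body: signature, file path, UTC timestamp.
alert_body() {
    printf 'Signature: %s\nFile: %s\nTime: %s\n' \
        "$(sanitize "$1")" "$(sanitize "$2")" "$(date -u '+%Y-%m-%dT%H:%M:%SZ')"
}

# Log to syslog and mail the alert (mail comes from the bsd-mailx package).
send_alert() {
    virus="${CLAM_VIRUSEVENT_VIRUSNAME:-unknown}"
    file="${CLAM_VIRUSEVENT_FILENAME:-unknown}"
    logger -t clamav-detected -- "$(sanitize "$virus") in $(sanitize "$file")"
    alert_body "$virus" "$file" | mail -s "$(alert_subject "$virus")" "$ALERT_TO"
}

# Only act when clamd invoked the script with a detection in the environment.
if [ -n "${CLAM_VIRUSEVENT_FILENAME:-}" ]; then
    send_alert
fi
```

Make the script executable and readable by the user clamd runs as; the alerts also land in the journal under the clamav-detected tag.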

Enable services

systemctl enable clamav-daemon.service
systemctl enable clamonacc.service
systemctl enable clamav-freshclam.service

Add root to clamav group

By default, ClamAV runs under the clamav user and group. You can keep and configure this, or run it as root. If you scan /root or folders owned by root, you can encounter lstat() errors while running under the clamav user.

usermod -a -G clamav root

Crons

00 01,13 * * *  /usr/bin/freshclam --quiet
0 19 * * 1-5 nice -n 16  systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /home /tmp  >/dev/null 2>&1
0 6 * * 6 nice -n 18  systemd-cat --identifier="clamav-scan" clamdscan --quiet --fdpass /  >/dev/null 2>&1

Final Step
  • Reboot
Gist Files