slice2

Monthly Archives: January 2016

HOWTO install the XFCE 4.12 Desktop on NetBSD 7

30 Saturday Jan 2016

Posted by Slice2 in NetBSD, XFCE

Tags

NetBSD, XFCE

This is an update to previous posts for NetBSD 6x:
http://slice2.com/2015/01/03/howto-install-the-xfce-4-desktop-on-netbsd-6-1-5/
http://slice2.com/2013/10/10/howto-install-the-xfce-4-desktop-on-netbsd-6-1-2/

For a lightweight functional desktop on NetBSD, install XFCE. As root, perform the following steps. This covers 32 and 64 bit x86 hardware. Since NetBSD essentially runs on everything, simply adjust the repository path to your architecture from the list here: http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/

Note that your hardware support may vary, especially for video cards. Although NetBSD runs on everything, the command line always gets the most love. Video card support can be hit or miss.

1) Set up your binary repository.
> mkdir -p /usr/pkg/etc/pkgin
> touch /usr/pkg/etc/pkgin/repositories.conf
> vi /usr/pkg/etc/pkgin/repositories.conf and add path:

For x64
http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/7.0_2016Q1/All/

For x32
http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/7.0_2016Q1/All/

2) Add the NetBSD ftp server to your hosts file. This is for convenience and can be removed when done.
> vi /etc/hosts and add:
199.233.217.201 ftp.netbsd.org

3) Export your path.
Note: I don’t know why the encoded quote characters keep appearing after /ALL/ in the path statements below. It must be an html coding issue and I’m not a developer. Just make sure that at the end of the path statement it ends with /7.0_2016Q1/ALL/” with no trailing characters. In other words, it should look like the paths depicted in step 1 above only it must end in a ” character.

For x64:
> export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/amd64/7.0_2016Q1/All/"

For x32:
> export PKG_PATH="http://ftp.netbsd.org/pub/pkgsrc/packages/NetBSD/i386/7.0_2016Q1/All/"

4) Install the latest version of pkgin on your system.
> pkg_add -v pkgin-*

5) Update the pkgin database and install XFCE.
> pkgin update

> pkgin install xfce4
calculating dependencies… done.

nothing to upgrade.
121 packages to be installed (251M to download, 887M to install):

nettle-3.1.1 libtasn1-4.5 libcfg+-0.6.2nb3 gmp-6.0.0a libproxy-0.4.11 libgpg-error-1.20 libcddb-1.3.2nb1 p5-Business-ISBN-Data-20140910.002nb1 py27-cElementTree-2.7.10 libIDL-0.8.14nb4 at-spi2-core-2.16.0 icu-55.1nb1 libepoxy-1.3.1nb1 at-spi2-atk-2.16.0 ORBit2-2.14.19nb4 gobject-introspection-1.44.0 p5-Business-ISBN-2.09nb1 usbids-20081118 pciids-20150907 libvolume_id-0.81.1nb1 hal-info-20091130nb4 libcdio-0.93nb3 libgcrypt-1.6.4 glib-networking-2.36.2nb2 readline-6.3nb3 popt-1.16nb1 mit-krb5-1.10.7nb7 libiconv-1.14nb2 gnutls-3.3.18 gettext-lib-0.19.4 jbigkit-2.1 fribidi-0.19.7 enca-1.15 libogg-1.3.2 libidn-1.32 xvidcore-1.3.3 x264-devel-20150717 libvpx-1.4.0nb1 libtheora-1.1.1nb2 libass-0.12.2 lame-3.99.5nb3 tiff-4.0.6 lcms2-2.7 poppler-0.34.0 samba-3.6.25nb2 libsoup-2.50.0 libgnome-keyring-3.12.0 libcdio-paranoia-0.93nb1 hal-0.5.14nb16 p5-URI-1.69 xcb-util-0.4.0 libvorbis-1.3.5 libltdl-2.4.2 gstreamer0.10-0.10.36nb8 GConf-2.32.4nb10 iso-codes-3.61 gtk3+-3.16.6nb1 xmlcatmgr-2.2nb1 perl-5.22.0 pcre-8.38 libelf-0.8.13nb1 lzo-2.09 harfbuzz-1.0.3 cairo-gobject-1.14.2nb1 libffi-3.2.1 libxml2-2.9.2nb3 gnome-icon-theme-3.12.0 shared-mime-info-1.4 python27-2.7.10 py27-expat-2.7.10 pango-1.37.1 cairo-1.14.2nb1 atk-2.16.0 gtksourceview2-2.10.5nb24 glib2-2.44.1nb1 policykit-0.9nb18 xfce4-garcon-0.5.0 xfce4-conf-4.12.0nb2 libxklavier-5.0nb5 libglade-2.6.4nb22 libcanberra-0.27nb5 vte-0.28.1nb16 startup-notification-0.12nb3 xfce4-exo-0.10.6 libxfce4util-4.12.1nb1 libnotify-0.7.6nb2 libexif-0.6.21 gvfs-1.6.7nb17 poppler-glib-0.34.0 png-1.6.20 openjpeg-2.1.0 libgsf-1.14.34 jpeg-9anb1 gdk-pixbuf2-2.30.8nb1 ffmpegthumbnailer-2.0.8nb4 ffmpeg1-1.2.12nb1 dbus-glib-0.104 dbus-1.10.0nb1 curl-7.44.0 libxfce4ui-4.12.1nb2 libwnck-2.30.6nb18 hicolor-icon-theme-0.13 desktop-file-utils-0.22 xfce4-xarchiver-0.5.4nb1 xfce4-wm-themes-4.10.0nb1 xfce4-wm-4.12.3 xfce4-tumbler-0.1.31nb3 xfce4-thunar-1.6.10nb1 xfce4-terminal-0.6.3nb1 xfce4-settings-4.12.0nb1 xfce4-session-4.12.1 xfce4-panel-4.12.0nb1 
xfce4-orage-4.12.1 xfce4-mousepad-0.4.0nb1 xfce4-gtk2-engine-3.2.0nb1 xfce4-desktop-4.12.3 xfce4-appfinder-4.12.0nb1 gtk2+-2.24.28 elementary-xfce-icon-theme-0.6 xfce4-4.12.0nb2

proceed ? [Y/n] Y

6) Add fonts, fam, screen lock and file manager.
> pkgin install font-adobe-75*
> pkgin install font-adobe-100*
> pkgin install font-adobe-utopia*
> pkgin install xscreensaver
> pkgin install fam
> pkgin install tbd (dependency of thunar)
> pkgin install gvfs (dependency of thunar)
> pkgin install xfce4-thunar

> cp /usr/pkg/share/examples/rc.d/famd /etc/rc.d/
> cp /usr/pkg/share/examples/rc.d/dbus /etc/rc.d/
> cp /usr/pkg/share/examples/rc.d/hal /etc/rc.d/

> echo rpcbind=YES >> /etc/rc.conf
> echo famd=YES >> /etc/rc.conf
> echo dbus=YES >> /etc/rc.conf
> echo hal=YES >> /etc/rc.conf

> /etc/rc.d/rpcbind start
> /etc/rc.d/famd start
> /etc/rc.d/dbus start
> /etc/rc.d/hal start

7) Configure X and start the desktop for the first time. Note that you should not start X as root. Run the following for users on the system. For example, the user slice2 would be set up as:
> echo xfce4-session >> /home/slice2/.xinitrc
> ln /home/slice2/.xinitrc /home/slice2/.xsession
> su - slice2
> startx   (note: be patient, it may take a minute to load)
a) When prompted, select use default config. In the upper left, select Applications > Log out.

8) Install apps as desired. This step is optional. Enter Y when asked to proceed ? [Y/n] for each app.
Browsers and plugins:
> pkgin install firefox
> pkgin install opera
> pkgin install xpdf
> pkgin install flashplayer
> pkgin install openquicktime
> pkgin install mozilla-fonts*
> pkgin install icedtea-web
a) when done installing icedtea-web, run the three commands below to configure avahi.
> cp /usr/pkg/share/examples/rc.d/avahidaemon /etc/rc.d/avahidaemon
> chmod 0755 /etc/rc.d/avahidaemon
> echo avahidaemon=YES >> /etc/rc.conf

Install security apps, utils and shells:
> pkgin install wireshark
> pkgin install nmap
> pkgin install iftop
> pkgin install keepassx
> pkgin install bash
> pkgin install lsof
> pkgin install mhash
> pkgin install nbtscan
> pkgin install netcat
> pkgin install vim

GUI ftp/scp client:
> pkgin install filezilla

Office Suite and multimedia:
> pkgin install libreoffice*
> pkgin install xmms
> pkgin install xfce4-xmms-plugin
> pkgin install xcdroast
> pkgin install xcalc
> pkgin install vlc
> pkgin install tree

You can launch LibreOffice from Applications > Office, or enter the soffice command in an xterm.

9) Now that all your apps are installed, start your desktop.
> su - slice2 (su to your user account)
> startx

Enabling TLS 1.2 on the Splunk 6.2x Console and Forwarders using Openssl and self signed certs.

01 Friday Jan 2016

Posted by Slice2 in Security, Splunk

Tags

Security, Splunk

Good luck. You will need it. Certificates are a major headache and complicated to implement. Using them with Splunk is no different. Splunk’s penchant for twiddling files all over the place makes this process time consuming and rife with error. This post will hopefully help you get it done. This covers encrypting the management console and forwarder traffic. This HOWTO is not for a clustered deployment although it could be adapted to serve that purpose. It was done on Windows 2012 R2 with a single Splunk Enterprise deployment (search head and indexer on the same server) and several forwarders. Use your own naming conventions and hosts for fqdn. Please don’t ask me questions on this post. I almost didn’t survive the process. I won’t have time to reply for a while anyway.

1) On the Splunk Search Head, set your environment.

> cd C:\Program Files\Splunk\bin
> splunk envvars > setsplunkenv.bat & setsplunkenv.bat
> setsplunkenv.bat

2) Create dir $SPLUNK_HOME\etc\auth\UScerts and cd into it.

> cd C:\Program Files\Splunk\etc\auth\UScerts

3) Create a root key.
> openssl genrsa -aes256 -out USCA_root.key 2048

4) Generate the certificate signing request (CSR) for the root key.
> openssl req -new -key USCA_root.key -out USCA_root.csr

5) Self-sign the CSR with the root key to generate the public root certificate.
> openssl x509 -req -in USCA_root.csr -sha256 -signkey USCA_root.key -CAcreateserial -out USCA_root.pem -days 3650

6) Generate a key for your Web(search head)server certificate.
> openssl genrsa -aes256 -out me.fqdn.com.key 2048

7) Create a certificate signing request (CSR) for the new server certificate.
> openssl req -new -key me.fqdn.com.key -out me.fqdn.com.csr

8) Use the CSR me.fqdn.com.csr and your CA certificate and private key to generate a server certificate.
> openssl x509 -req -in me.fqdn.com.csr -sha256 -CA USCA_root.pem -CAkey USCA_root.key -CAcreateserial -out me.fqdn.com.pem -days 730

9) Create a copy of the private key without a passphrase (this removes the encryption from the private key). Required for web servers.
> openssl rsa -in me.fqdn.com.key -out me.fqdn.com_nopass.key

10) Create a combined cert file.
> type me.fqdn.com.pem me.fqdn.com_nopass.key USCA_root.pem > me.fqdn.com_nopass_use.pem

11) On the search head, edit the \etc\system\local\web.conf and add the following:
[settings]
enableSplunkWebSSL = 1
httpport = 8843
privKeyPath = etc\auth\UScerts\me.fqdn.com_nopass_use.pem
caCertPath = etc\auth\UScerts\USCA_root.pem

Add the following to \etc\system\local\server.conf, under the [sslConfig] stanza:

[sslConfig]
enableSplunkdSSL = true
sslVersions = tls1.2
allowSslCompression = false
allowSslRenegotiation = false
cipherSuite = TLSv1+HIGH:@STRENGTH

12) Restart Splunk. Close your browser, relaunch and login to the console to verify (make sure to use the port defined above in web.conf; https://hostname or ip:8843).  If you scan with Nessus, Retina, etc., it should now be free from SSL errors.

Certs for Forwarders:

Create a SAN (subject alternative name) cert. Although not officially supported by Splunk when I originally wrote this, it does work.

1) Create a new folder in etc\auth\UScerts\SANcert.

2) Copy the openssl.cnf to the new folder.  C:\Program Files\Splunk\openssl.cnf to C:\Program Files\Splunk\etc\auth\UScerts\SANcert

> cd C:\Program Files\Splunk\etc\auth\UScerts\SANcert

3) In Windows 2012 R2 – Take ownership of the copied openssl.cnf file. Right-click > properties, and then add your user with Full Control to the file.

4) In Notepad or Wordpad, edit openssl.cnf. Wordpad is preferred.

a) Search (using the Find function in the upper right of Wordpad) and uncomment this line:
# req_extensions = v3_req # The extensions to add to a certificate request

b) Next, search for and modify this section to include the following if it does not already have it:
[ v3_req ] # Extensions to add to a certificate request
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names

c) Create this section next, between [ v3_req ] and [ v3_ca ].
[alt_names]
DNS.1 = your.server.com
DNS.2 = your.next.server.com
DNS.3 = your.other.server.com
IP.1 = an IP address for a server
IP.2 = another IP address for a server
— note, add as many as you like. You will need one for each forwarder if you want to identify them individually.

5) Generate a new CSR.
> openssl req -new -key me.fqdn.com.key -out me.fqdn.com_SAN.csr -config "C:\Program Files\Splunk\etc\auth\UScerts\SANcert\openssl.cnf"

Make sure you use *.your.fqdn for the Common Name question. This is the wildcard for your domain, such as *.yourdomain.com

6) Check the text of the CSR. You should see the items from alt_names above.
> openssl req -text -noout -in me.fqdn.com_SAN.csr

7) Create a cert.
> openssl x509 -req -in me.fqdn.com_SAN.csr -sha256 -CA USCA_root.pem -CAkey USCA_root.key -CAcreateserial -out me.fqdn.com_SAN.pem -extensions v3_req -days 730 -extfile "C:\Program Files\Splunk\etc\auth\UScerts\SANcert\openssl.cnf"

8) On the Indexer, edit \etc\system\local\inputs.conf and add the following and restart Splunk.

[SSL]
rootCA = etc\auth\UScerts\USCA_root.pem
serverCert = etc\auth\UScerts\me.fqdn.com_SAN.pem
password = your_password
cipherSuite = TLSv1+HIGH:@STRENGTH

[splunktcp-ssl:9997]
compressed = false

9) Now restart splunk:
$SPLUNK_HOME\bin\splunk restart splunkd

10) Configure your Forwarders to use the certificates. Use your Deployment Server to distribute the certs and modified outputs.conf to your forwarders.

a) On the Search head that is acting as your deployment server, edit the outputs.conf file in etc\deployment-apps\<your name for SendToIndexer>\local\ with the following.

[tcpout]
defaultGroup = splunkssl

[tcpout:splunkssl]
server = your.ip.:9997
compressed = false
sslRootCAPath = etc\apps\<your name for SendToIndexer>\USCA_root.pem
sslCertPath = etc\apps\<your name for SendToIndexer>\me.fqdn.com_SAN.pem
sslPassword = <your password>
sslVerifyServerCert = true

b) Copy the etc\auth\UScerts\USCA_root.pem and etc\auth\UScerts\me.fqdn.com_SAN.pem files to the etc\deployment-apps\<your name for SendToIndexer>\local folder on your deployment server and they will be copied to each Forwarder for you.

11) Restart Splunk.
$SPLUNK_HOME\bin\splunk restart splunkd

12) Done. I hope.
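
Before distributing the forwarder certificate, it is worth confirming that it chains to the root and actually carries the alt_names entries. The script below is an added example, not part of the original post: it is written for a POSIX shell (the openssl arguments are the same at a Windows prompt), and the example.test names, the 192.0.2.10 address and the file names are constructed. It builds a throwaway CA and signs one CSR twice to show that leaving out -extensions/-extfile in step 7 produces a certificate with no SANs.

```shell
#!/bin/sh
# Added example. All host names, addresses and file names here are constructed.

# Build a throwaway root CA and forwarder CSR in directory $1, then sign the CSR twice.
make_demo_pki() (
  cd "$1" || exit 1
  cat > san.cnf <<'EOF'
[ req ]
distinguished_name = dn
req_extensions = v3_req
prompt = no
[ dn ]
CN = *.example.test
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = keyCertSign, cRLSign
[ v3_req ]
basicConstraints = CA:FALSE
keyUsage = nonRepudiation, digitalSignature, keyEncipherment
subjectAltName = @alt_names
[ alt_names ]
DNS.1 = fwd1.example.test
DNS.2 = fwd2.example.test
IP.1 = 192.0.2.10
EOF
  openssl req -x509 -newkey rsa:2048 -nodes -sha256 -days 30 -config san.cnf \
    -extensions v3_ca -subj "/CN=Demo Root CA" -keyout ca.key -out ca.pem 2>/dev/null &&
  openssl req -new -newkey rsa:2048 -nodes -config san.cnf \
    -keyout fwd.key -out fwd.csr 2>/dev/null &&
  # Signed as in step 7: extensions are read from the config file.
  openssl x509 -req -in fwd.csr -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -extensions v3_req -extfile san.cnf -out fwd_san.pem 2>/dev/null &&
  # Signed without -extensions/-extfile: the SANs requested in the CSR are dropped.
  openssl x509 -req -in fwd.csr -sha256 -CA ca.pem -CAkey ca.key -CAcreateserial \
    -days 30 -out fwd_nosan.pem 2>/dev/null
)

# Print a certificate's SAN entries, one per line (prints nothing if it has none).
cert_sans() {
  openssl x509 -in "$1" -noout -text | grep -A1 'Subject Alternative Name' |
    tail -n +2 | tr ',' '\n' | sed 's/^ *//; s/ *$//'
}

# Succeed only if certificate $2 chains to root certificate $1.
chain_ok() { openssl verify -CAfile "$1" "$2" >/dev/null 2>&1; }

# Demo on throwaway files: lists the SANs that survived signing.
demo_dir=$(mktemp -d) && make_demo_pki "$demo_dir" && cert_sans "$demo_dir/fwd_san.pem"
```

Against the files from this post, the same checks are `cert_sans me.fqdn.com_SAN.pem` and `chain_ok USCA_root.pem me.fqdn.com_SAN.pem`.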
