Tag: cybersecurity

  • Crowdsec

    Crowdsec is a cool cyber security solution. You can install it on your Linux server and it will run as a daemon. Upon starting it will have a look at which services you have running, start reading their logs and flag up shady behaviour.

    You can install a remediation component and it will … remediate those issues. In this case an iptables remediation component will block the abusing IP, so it becomes similar to fail2ban in this regard.

    In addition you can enrol in their cloud service for free. This gives you monitoring from the cloud dashboard and the ability to implement blocklists that will block IPs that have been flagged by others.

    So yeah it’s pretty easy to set up. Feel free to set up your applications first because when crowdsec is set up it will detect the alerts coming from those services, in my case nginx.

    Official docs:

    https://doc.crowdsec.net/u/getting_started/installation/linux/

    In my case I have been using Rocky Linux 9.7

    Manual repo installation is best because piping a random script off the internet to sudo bash is never a good idea 🫠 What could be in the script!? (Then again, we are installing their software and just trusting that; the paranoid among us can comb the source code, build that and repeat every time the repo is updated.)

    dnf install crowdsec -y

    This package is just to scan the logs and detect the issues

    setsebool -P httpd_can_network_connect 1

    In my instance, since SELinux was switched on, I had to allow this bool. In addition, the crowdsec service would not start because I was already running something on port 8080. So I had to edit these files:

    vim /etc/crowdsec/local_api_credentials.yaml

    Edit this line to not be 8080

    url: http://127.0.0.1:8081

    Also edit listen_uri in this file:

    vim /etc/crowdsec/config.yaml

    api:
      client:
        insecure_skip_verify: false
        credentials_path: /etc/crowdsec/local_api_credentials.yaml
      server:
        log_level: info
        listen_uri: 127.0.0.1:8081
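
As an added example (not from the original post or the CrowdSec project): a shell check for the port move described above. It confirms that `url` in local_api_credentials.yaml and `listen_uri` in config.yaml name the same endpoint and that nothing else already listens on that port; the function names and the sample file contents are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): consistency checks for a moved LAPI port.

# host:port the client connects to, from local_api_credentials.yaml
client_endpoint() {
    sed -n 's|^[[:space:]]*url:[[:space:]]*https\{0,1\}://\([^/[:space:]]*\).*|\1|p' "$1" | head -n 1
}

# host:port the LAPI server binds to, from config.yaml
server_endpoint() {
    sed -n 's|^[[:space:]]*listen_uri:[[:space:]]*\([^[:space:]#]*\).*|\1|p' "$1" | head -n 1
}

# Reads `ss -ltnH` output on stdin; succeeds if some listener already holds port $1.
port_in_use() {
    awk -v port="$1" '{ n = split($4, a, ":"); if (a[n] == port) found = 1 }
                      END { exit(found ? 0 : 1) }'
}

# Usage: check_lapi CREDS CONFIG LISTENERS_FILE
# Returns 0 = consistent and port free, 1 = files disagree, 2 = value missing, 3 = port taken.
check_lapi() {
    client=$(client_endpoint "$1")
    server=$(server_endpoint "$2")
    if [ -z "$client" ] || [ -z "$server" ]; then
        echo "missing url or listen_uri" >&2; return 2
    fi
    if [ "$client" != "$server" ]; then
        echo "mismatch: client=$client server=$server" >&2; return 1
    fi
    if port_in_use "${server##*:}" < "$3"; then
        echo "port ${server##*:} already has a listener" >&2; return 3
    fi
    echo "ok: $client"
}

# Constructed sample data: credentials moved to 8081, config.yaml still on 8080.
demo=$(mktemp -d)
printf 'url: http://127.0.0.1:8081\nlogin: localhost\npassword: PLACEHOLDER\n' > "$demo/creds.yaml"
printf 'api:\n  server:\n    log_level: info\n    listen_uri: 127.0.0.1:8080\n' > "$demo/config.yaml"
printf 'LISTEN 0 511 0.0.0.0:8080 0.0.0.0:*\n' > "$demo/listeners.txt"
check_lapi "$demo/creds.yaml" "$demo/config.yaml" "$demo/listeners.txt" || echo "check failed with status $?"
rm -rf "$demo"
```

On a real host, run it before starting the crowdsec service, passing the two files under /etc/crowdsec and a file produced with `ss -ltnH > listeners.txt` as the third argument.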

    I started writing this a while ago and life just happens to you I guess! 🤣 All in all it’s a great security solution, especially if you’ve only got a couple of VPSs, and they’re European so have solid data protection rules. Peace!

  • RIPE NCC BGP security associate

    If you go to this site there are a few free networking courses:

    academy.ripe.net/

    For those who don’t know, RIPE are responsible for handing out IP addresses to orgs in Europe and some of the Middle East too!

    They have very high quality courses for free. The exams you get for free if your organisation is a member… However, if you look out on Mastodon, they give out exam vouchers in the summer if you complete one of their courses:

    https://mastodon.social/@ripencc

    They are a very friendly bunch!