some thoughts on security matters


  • Troubleshooting OSSEC -- common pitfalls and hidden features


    Hi *,

    it’s been a while since I last blogged, mainly busy with work and university. Good news though, I have finished my first thesis on OSSEC and PCI Compliance, and will probably upload it here at some point.

    I just came up with the idea of writing a blog post about common pitfalls that I, and almost every other OSSEC user, will run into at some point.

    Read More

  • ossec presentation at bsides conference


    Ehlo,

    it’s been a long time since I last blogged. I’ve been a little busy with my OSSEC/thesis project, so there was barely any time to blog. However, last weekend (Saturday 21st November) I gave a talk about OSSEC integrated into an ELK stack (Elasticsearch, Logstash, Kibana) environment. It turned out to be a great success, and for anyone who missed it, I have put my slides online here

    Read More

  • Bug in OSSEC module


    hi,

    i’ve been playing around with OSSEC’s rootcheck module, which enables you to run system audits and system policy enforcement along the lines of the CIS benchmark tests. in my previous blog post i briefly mentioned the CIS benchmark tests, which are basically a framework of system checks. they scan your system for weaknesses that could potentially be exploited by intruders. the main focus is all things system security related, ranging from SELinux configuration to secure boot settings and legacy system services (e.g. telnet, rlogin, tftp and the like). i think it helps sysadmins harden their systems by pointing out possible access points into the system – it certainly is a good guideline.

    however, back to the topic. as mentioned, i’ve been running a few rootchecks and noticed some weird behavior. at this point i must say i wasn’t running the most recent version available on github; instead i was running the latest stable version available through atomicorp’s yum repository. the version was 2.8.2.

    Read More

  • OSSEC (WUI) and SELinux


    hi,

    it certainly has been a while since my last post, but for a very good reason. recently i’ve been playing around with OSSEC, a very cool host IDS. it took a while until i had a working lab environment, but now i’m all set up. i’m still learning, but also making a lot of progress as i go, and thus would love to share the issues and troubles i’ve run into. maybe this can be of help to someone who is currently stuck in the same pitfall.

    today i want to share my experience with OSSEC and SELinux, and how they work together (or, in my case, don’t work together).

    Read More

  • Syncing your Garmin Forerunner data on linux


    hi there,

    it’s been a while.

    i have finally upgraded my linux desktop to arch linux, and wanted to sync my latest Garmin Forerunner data on linux. it’s quite simple if you follow the steps below.

    Read More

  • How POODLE Happened (a very detailed explanation)


    you probably heard about the most recent SSL (v3.0) attack, POODLE. it’s been all over the news. but it was only a few days ago that I found a very good and thorough explanation of how POODLE happened and how it could remain unnoticed for so many years. usually i write my own posts, but this time i will let a very good blog post/explanation speak for itself.

    Read More

  • Cold boot attack


    Ever thought that full-disk (hardware) encryption would provide full safety to your precious data? Well, then you thought wrong ;-)

    Read More

  • shellshock


    As many of you probably heard today, a new severe bug has surfaced and affects numerous UNIX machines, servers and desktops alike: any UNIX machine that uses the bash shell. Experts claim it’s actually worse than the Heartbleed bug, as it affects many more machines. The bug goes by the name Shellshock, bashbug or bashbleed.

    Read More

  • Google's 2-factor authentication


    I read a lot about 2-factor, often also referred to as 2-step, authentication and, considering all the recent data breaches (e.g. the iCloud hack), I thought why not give it a go? Google offers 2-factor authentication for its accounts for free. It’s well documented on the Google pages, but I will sum it up in just a few steps and explain what you need for it to work. I will also explain the pitfalls that come with it, because it looks easier than it is (especially if you have older Android devices).

    Read More

  • my gpg/pgp key


    if you want to send me encrypted mail, you can do so by using my public key below:

    Read More

  • Hello World


    Hi there,

    Read More