Deploying Splunk Universal Forwarders via GPO

When you want to get security event data from your Windows endpoints, there exists a myriad of ways to achieve that objective. Here I am going to outline how to deploy the Splunk Universal Forwarder (UF) using a Group Policy Object (GPO). From there, you can configure the agents using a deployment server to ship the logs … Read more Deploying Splunk Universal Forwarders via GPO

Ansible User Account Provisioning

Whenever I stand up a new Linux machine, I always find myself doing the same four things:  Creating my main user account  Creating an ansible user account  Configuring sudoers  Copying over SSH Public Keys. Definitely, not something that evokes fun. I have tried various automation tools, but ansible has found a very special place in … Read more Ansible User Account Provisioning

Replacing the Default Splunk Web SSL Certificate

This post  goes over how to sign a SplunkWeb Certificate Signing Request (CSR) using my Root CA in pfSense. I do not cover creating the Root CA. Step 1: Create the directory for the certificates

Step 2: Generate the private key and temporary password

Step 3: Remove the password from the private key … Read more Replacing the Default Splunk Web SSL Certificate

Working with Raw LVM Disk Images

Mounting disk images on Linux is fairly straight forward, however an image with a Logical Volume Manager (LVM) partition requires a little more attention. The first thing I do is find out some information about the image(s):

-l lists the partition table and -o outputs the columns specified. This particular image has two partitions … Read more Working with Raw LVM Disk Images

Slackware LVM over LUKS

This is mostly a post to document my process of setting up Full Disk Encryption (FDE) using the Linux Unified Key Setup (LUKS) and the Logical Volume Manager (LVM). Most major distributions already enable this process at installation, however Slackware does not and it must be done by hand. I am going to use an … Read more Slackware LVM over LUKS

Using NetworkManager with DNSMasq and Slackware

dnsmasq on Slackware 14.2 is compiled without D-Bus.

The logs show NetworkManager trying to start dnsmasq, but failing:

After downloading the source files and SlackBuild resources from a Slackware Mirror, validate the GPG  signature using the provided .asc file. Below are the contents of a directory after I assembled all the required pieces. … Read more Using NetworkManager with DNSMasq and Slackware

AutoFS with DHCP Classless Static Route Option

My FreeNAS server is a virtual machine (VM) on my Dell r710 server. I mount my NFS and CIFS Shares using AutoFS and configure my static routes to the NAS using the DHCP Server on my pfSense Appliance. AutoFS is software that uses the automounter of the Linux kernel to dynamically mount file systems on demand. … Read more AutoFS with DHCP Classless Static Route Option

Using OpenSSL and pfSense to sign a Subordinate Windows Enterprise Certificate Authority

Disclaimer: A Root CA trusted by Active Directory should not be trivialized. Make sure you know what you are doing when working with PKI. Take the time to study the technology before implementing it in production environments. There hasn’t been any extensive testing of this setup, so your mileage may vary. I have a pfSense Security Gateway … Read more Using OpenSSL and pfSense to sign a Subordinate Windows Enterprise Certificate Authority

Mounting NFS Shares in Windows Using Identity Mapping

Before we begin let us enable Services for NFS and both Sub Features. The typical way you will see an NFS share mounted in Windows involves mounting the remote file system using the anonymous (anon) user:

This will give you read only access based on the configured permissions of the NFS Share. Note:  The … Read more Mounting NFS Shares in Windows Using Identity Mapping